i had a zoom call with people to discuss a major vulnerability i found.
i think we’re talking about different things, its when i logged into poprock’s account with a password, even though he had no password assigned.
this sounds like a bug with your client rather than the server — as far as i can tell, i haven’t touched auth code in years
all i know is apparently i logged into an account with a password even though the account had no password assigned, and then you gave me a warning
that sounds more like the user configured their account wrong. right now its possible for someone to set their password to be blank (which is different from disabling password login).