HAP v10.2 Security Issue?
We have been using HAP for over a year now and are really happy with it. I've just upgraded to v10.2 and after a bit of playing around I have noticed that if you change the login url from /login.aspx?ReturnUrl=%2f to /setup.aspx I can access the backend with no authentication challenge!
Has anyone seen the same thing or something similar?
Quick Edit: without entering any passwords I have successfully added an AD group to HAP and changed around the front page icons!!