We have a tech support website/database at work that we use to record our interactions with customers. Our tech support people are not capable of creating their own accounts. We also use Mantis on the same server as a way to keep track of bugs.
Inside the tech support site we would like to have a link to Mantis so that our tech support people can quickly enter a bug report. Quickly, meaning that the tech support person shouldn't have to log in to Mantis after they click the link.
So we are calling a modified authentication function within Mantis from our tech support site that checks for the user name and, if it exists, automatically logs the user into Mantis. No password check, because we were in a big rush with a lot of more important things going on.
Is this a security risk?
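
The setup described in the question, next to a signed hand-off, as an added example that is not part of the original post and is not Mantis code. All function names, the shared key, and the user list are hypothetical and constructed for illustration; it assumes the support site has already authenticated the user and shares a secret key with the Mantis side.

```php
<?php
// Added example: every name below is hypothetical, none is Mantis's own API.
const SHARED_KEY = 'constructed-demo-key';  // constructed; held only by the two apps
const MAX_AGE    = 60;                      // seconds a hand-off link stays valid

$knownUsers = ['alice', 'bob'];             // constructed stand-in for the user table

// The check as described in the post: the user name existing is the only test,
// so the request carries no proof that it came from the support site.
function loginByNameOnly(string $user, array $users): bool {
    return in_array($user, $users, true);
}

// Support-site side: issue a signed, time-stamped token for the logged-in user.
function issueToken(string $user, int $now): string {
    $payload = $user . '|' . $now;
    $mac = hash_hmac('sha256', $payload, SHARED_KEY);
    return base64_encode($payload . '|' . $mac);
}

// Bug-tracker side: log in only if signature, age and user all check out.
function loginByToken(string $token, array $users, int $now): bool {
    $raw = base64_decode($token, true);
    if ($raw === false) return false;
    $parts = explode('|', $raw);
    if (count($parts) !== 3) return false;
    [$user, $ts, $mac] = $parts;
    if (!ctype_digit($ts)) return false;
    $expected = hash_hmac('sha256', $user . '|' . $ts, SHARED_KEY);
    if (!hash_equals($expected, $mac)) return false;   // constant-time compare
    $age = $now - (int)$ts;
    if ($age < 0 || $age > MAX_AGE) return false;      // stale or future-dated
    return in_array($user, $users, true);
}

$now    = time();
$token  = issueToken('alice', $now);
$forged = base64_encode('alice|' . $now . '|' . str_repeat('0', 64));

var_dump(loginByNameOnly('alice', $knownUsers));          // name-only check
var_dump(loginByToken($token, $knownUsers, $now));        // genuine hand-off
var_dump(loginByToken($forged, $knownUsers, $now));       // unsigned request
var_dump(loginByToken($token, $knownUsers, $now + 3600)); // expired link
```

A token like this can still be replayed inside the `MAX_AGE` window, so the link should travel over HTTPS; a single-use nonce would close that gap but is left out here.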