[Chilli] Username leakage
Wichert Akkerman
wichert at wiggy.net
Thu May 20 11:29:07 UTC 2010
I noticed something interesting today with the current svn trunk. I did
the following:
* attempt a WISPr login with invalid password for a user
* connect the same machine directly using chilli_query without
specifying another username
After this the machine was properly set to pass, but still associated
with the user name used for the WISPr request. It looks like somewhere
some data is not being cleared properly.
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Chilli
mailing list