[Chilli] Username leakage

Wichert Akkerman wichert at wiggy.net
Thu May 20 11:29:07 UTC 2010

I noticed something interesting today with the current svn trunk. I did 
the following:

* attempt a WISPr login with invalid password for a user
* connect the same machine directly using chilli_query without
   specifying another username

After this the machine was properly set to pass, but still associated 
with the user name used for the WISPr request. It looks like somewhere
some data is not being cleared properly.


Wichert Akkerman <wichert at wiggy.net>   It is simple to make things.
http://www.wiggy.net/                  It is hard to make things simple.

More information about the Chilli mailing list