[geeklog-devel] Bug with anti-hacking functionality can cause users to be incorrectly booted out
Blank, Jessica
Jessica.Blank at mtvnmix.com
Thu Mar 13 12:06:52 EDT 2008
Mea culpa. I hit the wrong key combination and the email went out into
the aether. I meant to close the message below by attaching a screen
shot (see attached PNG) displaying this behaviour.
I am assuming that this is not desired behaviour. I believe it should
not be difficult to reproduce this bug. If you have some difficulty
doing so, let me know, but I suspect the bug should be triggered by
attempting to log in $_CONF['login_attempts'] times with incorrect
information, then entering CORRECT information.
--Jessica
<<welcome_loggedout.png>>
> _____________________________________________
> From: Blank, Jessica
> Sent: Thursday, March 13, 2008 12:04 PM
> To: 'Geeklog Development'
> Subject: Bug with anti-hacking functionality can cause users to
> be incorrectly booted out
>
> Hi gang.
>
> I've been discovering a range of subtle bugs with the login
> functionality in the CVS version of Geeklog 1.X. Here's one:
>
> If you make several incorrect login attempts, then attempt to log in
> again WITH THE CORRECT INFORMATION, it can show you "Welcome,
> [username]" as if you are logged in... and, right below that, a notice
> that you had exceeded the number of allowed login attempts.
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20080313/32801911/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: welcome_loggedout.png
Type: image/png
Size: 65050 bytes
Desc: welcome_loggedout.png
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20080313/32801911/attachment.png>
More information about the geeklog-devel
mailing list