[geeklog-devel] Bug with anti-hacking functionality can cause users to be incorrectly booted out

Blank, Jessica Jessica.Blank at mtvnmix.com
Thu Mar 13 12:06:52 EDT 2008


Mea culpa. I hit the wrong key combination and the email went out into
the aether. I meant to close the message below by attaching a screen
shot (see attached PNG) displaying this behaviour.

I am assuming that this is not desired behaviour. I believe it should
not be difficult to reproduce this bug. If you have some difficulty
doing so, let me know, but I suspect the bug should be triggered by
attempting to log in $_CONF['login_attempts'] times with incorrect
information, then entering CORRECT information.

--Jessica

 <<welcome_loggedout.png>> 
> _____________________________________________
> From: Blank, Jessica
> Sent: Thursday, March 13, 2008 12:04 PM
> To: 'Geeklog Development'
> Subject: Bug with anti-hacking functionality can cause users to be incorrectly booted out
>
> Hi gang.
> 
> I've been discovering a range of subtle bugs with the login
> functionality in the CVS version of Geeklog 1.X. Here's one:
> 
> If you make several incorrect login attempts, then attempt to log in
> again WITH THE CORRECT INFORMATION, it can show you "Welcome,
> [username]" as if you are logged in... and, right below that, a notice
> that you had exceeded the number of allowed login attempts.
> 
> 
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: welcome_loggedout.png
Type: image/png
Size: 65050 bytes
Desc: welcome_loggedout.png
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20080313/32801911/attachment.png>

