< PHPCRED-26: Check PHPCredLocker on a Raspberry Pi
PHPCRED-28: Users won't be able to log-in if they access through a reverse proxy using a different hostname >
PHPCRED-27: An Injected Session will still be accepted if the Sessionkey is blank
Projects
PHPCRED
PHPCRED-27
Issue Information
Issue Type
: Bug
Priority
:
Major
Status
:
Closed
Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project:
PHPCredlocker (
PHPCRED
)
Resolution:
Fixed (2014-11-11 19:37:29)
Affects Version:
1.5
,
Target version:
1.25
,
Created
: 2014-07-28 16:02:56
Time Spent Working
Include Subtasks
Description
When the filesystem is checked for the corresponding key, it's not checked whether the sessionkey is empty, and so a null value could be accepted (it'll probably break other things if it is, but best to catch it early).
Toggle State Changes
Activity
Ben Tasker
Permalink
2014-11-11 19:35:42
This issue was fixed a little while back -
View Commit
Unassigned
Permalink
2014-11-11 19:37:29
btasker changed status from 'Open' to 'Resolved'
Unassigned
Permalink
2014-11-11 19:37:29
btasker added 'Fixed' to resolution
Unassigned
Permalink
2014-11-11 19:38:10
btasker changed status from 'Resolved' to 'Closed'
Activity
2014-11-11 19:35:42
2014-11-11 19:37:29
2014-11-11 19:37:29
2014-11-11 19:38:10