PHPCRED-27: An Injected Session will still be accepted if the Sessionkey is blank

Issue Information

Issue Type: Bug
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Fixed (2014-11-11 19:37:29)
Affects Version: 1.5,
Target version: 1.25,

Created: 2014-07-28 16:02:56
Time Spent Working

When the filesystem is checked for the corresponding key, it's not checked whether the sessionkey is empty, and so a null value could be accepted (it'll probably break other things if it is, but best to catch it early).

Toggle State Changes


This issue was fixed a little while back - View Commit
btasker changed status from 'Open' to 'Resolved'
btasker added 'Fixed' to resolution
btasker changed status from 'Resolved' to 'Closed'