Updated to latest SVN (r8200) and issue is still there. However, create new
account now works so it's now even worse.
"it should select back the last used profile, instead of the last logged in
username/password." - it doesn't do this
On 3/12/07, Youness Alaoui <[EMAIL PROTECTED]> wrote:
as I said 'the latest svn version', maybe you should update your svn
version because I fixed the 'create a new
account' a couple of days ago, and at the same time, I made ir so that
whenever the login screen is shown, it
purges all the user list from it and recreates it, fetching the latest
profiles stored, and select the latest
used profile (in case you add a new profile, it allows the list of
profiles to be updated), so the current
behavior should be that after using a non-profile, when you logout, it
should select back the last used profile,
instead of the last logged in username/password.
I'm wodnering if we should keep it like this, or if we should at least
show the last username entered even if
the remember_me option is unchecked..
can you do a svn update and see if you can still find the issue you're
talking about ?
thanks
KKRT
On Mon, Mar 12, 2007 at 12:25:59PM +0000, Steve H wrote:
> As far as creating a new account doesn't work, yes. But I'm assuming you
> intend to fix that, and when you do this behaviour will become
exploitable.
>
> On 3/11/07, Youness Alaoui <[EMAIL PROTECTED]> wrote:
> >
> >good point... but afaik, the latest svn version doesn't allow that,
right
> >?
> >
> >KKRT
> >
> >On Sun, Mar 11, 2007 at 06:26:35PM +0000, Steve H wrote:
> >> Hey there, just wanted to point out a potential security flaw I came
> >across
> >> today with the new login screen. If a guest user logs in without
> >selecting
> >> to create an account or save password and then you choose to log out
the
> >> username & password are still in the login form. This leaves the
ability
> >to
> >> then select create account and remember password and somewhat
stealing
> >the
> >> guest user's password.
> >>
> >> Regards, Steve
> >
> >>
>
>-------------------------------------------------------------------------
> >> Take Surveys. Earn Cash. Influence the Future of IT
> >> Join SourceForge.net's Techsay panel and you'll get the chance to
share
> >your
> >> opinions on IT & business topics through brief surveys-and earn cash
> >>
> >
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> >> _______________________________________________
> >> Amsn-devel mailing list
> >> Amsn-devel@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/amsn-devel
> >
> >
>
>-------------------------------------------------------------------------
> >Take Surveys. Earn Cash. Influence the Future of IT
> >Join SourceForge.net's Techsay panel and you'll get the chance to share
> >your
> >opinions on IT & business topics through brief surveys-and earn cash
> >
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> >_______________________________________________
> >Amsn-devel mailing list
> >Amsn-devel@lists.sourceforge.net
> >https://lists.sourceforge.net/lists/listinfo/amsn-devel
> >
>
-------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
your
> opinions on IT & business topics through brief surveys-and earn cash
>
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Amsn-devel mailing list
> Amsn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/amsn-devel
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Amsn-devel mailing list
Amsn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amsn-devel
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Amsn-devel mailing list
Amsn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amsn-devel
