Hi,
I am working on a research pool for Gridcoin. Part of this development
involves an account management piece to the site. During the development
of the account manager, I noticed when BOINC client makes an account
manager request to my server, it passes all projects that are attached
to it into the account manager regardless of what attached it. This data
includes the password keys to the projects which are not currently
attached to my account manager. It appears I could take these account
keys to gain access to individuals accounts for those projects.
Just mostly an observation, not sure if this has been discussed or not...
Thanks for your time,
Brian Burkhardt...
_______________________________________________
boinc_dev mailing list
[email protected]
https://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
