So, a while back there was some.. slightly heated.. discussion about security issues with C-P-A-Password.. or perhaps one of the modules it uses internally.. in certain cases, if certain options are, or are not, set. Then it quietened down without any apparent conclusion being reached.

Now that some time has passed, I wondered if someone could provide a synopsis of the outcome of these investigations and discussions?

In short:
 * In what circumstances was an attack possible?
   i.e. What combination of modules, options, auth methods.
 * Which versions were vulnerable, and if any, at what version were they fixed, if any?
 * What mitigating factors can be applied to existing systems to reduce their vulnerability to the attack?


Thanks,
Toby

_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
