On Thu, Jun 4, 2009 at 6:48 PM, Christopher Schultz <ch...@christopherschultz.net> wrote: > I don't see any information disclosure vulnerability in the first place, > and I don't see how your patch would have fixed it. > > ??!
The behavior was different if the user is not found of if the password is wrong. (ok, the security issue is not exactly very serious) Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
