[Moin-user] moin security hole

Michael P. Soulier msoulier at digitaltorque.ca
Tue Oct 10 14:48:37 EDT 2006


I just noticed that if I get my password wrong on login, Moin tells me,
"Incorrect password". 

That's not good. A login system should never tell you whether you got the
userid or the password wrong, as it hands useful information to crackers
trying to break into the system.

Michael P. Soulier <msoulier at digitaltorque.ca>
"Any intelligent fool can make things bigger and more complex... It
takes a touch of genius - and a lot of courage to move in the opposite
direction." --Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/moin-user/attachments/20061010/60cd66e7/attachment.sig>

More information about the Moin-user mailing list