[Moin-user] moin security hole
Michael P. Soulier
msoulier at digitaltorque.ca
Tue Oct 10 14:48:37 EDT 2006
Hello,
I just noticed that if I get my password wrong on login, Moin tells me,
"Incorrect password".
That's not good. A login system should never tell you whether you got the
userid or the password wrong, as it hands useful information to crackers
trying to break into the system.
Cheers,
Mike
--
Michael P. Soulier <msoulier at digitaltorque.ca>
"Any intelligent fool can make things bigger and more complex... It
takes a touch of genius - and a lot of courage to move in the opposite
direction." --Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/moin-user/attachments/20061010/60cd66e7/attachment.sig>
More information about the Moin-user
mailing list