Redirection in logout code of login.pl can be used to gain some access to the system without authenticating.
Note: I have only confirmed this in 1.2beta2 (+fix for 1599342) and svn at this point in time
Easy enough to fix. Will get that done tonight.
My plan is to hardcode all values in the callback value used in the logout function. For example we certainly know what script is...
I believe I have this fixed. I will verify when I get back to where I have a working 1.2 svn install.
Verified fixed. There are some possible DoS issues that still need to be discussed, but the severe issues are taken care of.
This was fixed in 1.1.5