[ postfixadmin-Bugs-3301752 ] Problem with escape_string in pacrypt()
From: SourceForge.net <no...@so...> - 2012-05-28 19:19:02
Bugs item #3301752, was opened at 2011-05-13 13:10
Message generated for change (Comment added) made by christian_boltz
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=937964&aid=3301752&group_id=191583

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: Core
Group: v2.3.3
>Status: Closed
>Resolution: Duplicate
Priority: 5
Private: No
Submitted By: Paolo Stancato (seniormojo)
Assigned to: Nobody/Anonymous (nobody)
Summary: Problem with escape_string in pacrypt()

Initial Comment:
Hi there!

Testing postfix admin I've found a bug with user authentication.
The problem is that pacrypt() escapes the password before returning it, and that can taint the hash.

I've resolved the issue by commenting out the line

functions.inc.php:
1244: $password = escape_string ($password);

Data used for testing:
---------------------------------
Password string: P4ssw0rd!
Password hash: $1$>X6mz76\$EdT.4mI8ZEntI9/AgqazS1

----------------------------------------------------------------------

>Comment By: Christian Boltz (christian_boltz)
Date: 2012-05-28 12:19

Message:
Known bug, see
https://sourceforge.net/tracker/?func=detail&aid=3094804&group_id=191583&atid=937964

----------------------------------------------------------------------
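
The failure described in the report, as an added PHP example that is not PostfixAdmin's own code. The names escape_standin(), pacrypt_escaping(), pacrypt_raw() and verify() are hypothetical, escape_string() is assumed to behave like addslashes(), and the salt is the one visible in the hash quoted in the report.

```php
<?php
// Constructed test data: password and MD5-crypt salt taken from the report.
const PASSWORD = 'P4ssw0rd!';
const SALT     = '$1$>X6mz76\\$';   // the salt ends in a literal backslash

// Assumption: stand-in for escape_string(), modelled with addslashes().
function escape_standin(string $s): string
{
    return addslashes($s);
}

// Reported behaviour: the computed hash is escaped before it is returned.
function pacrypt_escaping(string $pw, string $pw_db): string
{
    return escape_standin(crypt($pw, $pw_db));
}

// Behaviour with the escape line commented out: the hash is returned as-is.
function pacrypt_raw(string $pw, string $pw_db): string
{
    return crypt($pw, $pw_db);
}

// Login check: re-hash the candidate using the stored hash as salt, then
// compare in constant time.
function verify(callable $pacrypt, string $candidate, string $stored): bool
{
    return hash_equals($stored, $pacrypt($candidate, $stored));
}

$stored = crypt(PASSWORD, SALT);    // unescaped hash, as read back from storage

printf("stored hash      : %s\n", $stored);
printf("escaped variant  : %s\n", pacrypt_escaping(PASSWORD, $stored));
printf("verify (escaping): %s\n", var_export(verify('pacrypt_escaping', PASSWORD, $stored), true));
printf("verify (raw)     : %s\n", var_export(verify('pacrypt_raw', PASSWORD, $stored), true));
```

Only hashes whose salt or digest contains a character the escaping function rewrites are affected, which is why the problem shows up for some accounts and not others. Escaping belongs at the point where a value is placed into a query, not on the value used for comparison.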