Re: [Secureideas-base-devel] BASE authentication bypass
Brought to you by:
secureideas,
sinukas
From: Joel E. <es...@gm...> - 2006-04-20 17:00:16
|
What is baseplus? Is this another project we need to track? Joel On 4/20/06, nikns <ni...@se...> wrote: > > Hi! > > BASE authentication can be bypassed if including > this line in http headers: > Cookie: BASERole=3D1|foo|e032862448a630f4e7a5342f19d9a88 > > > Kevin, If I would still have my cvs access I could commit fix, but... > You will have to do it on your own (grin, grin, grin...). ;] > > > > Good luck. > Nikns Siankin > --------------------- > BASE+ Project Lead > http://sourceforge.net/projects/baseplus/ > "choosing to remain ignorant is stupid" -cloder > > > > ------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job > easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronim= o > http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat= =3D121642 > _______________________________________________ > Secureideas-base-devel mailing list > Sec...@li... > https://lists.sourceforge.net/lists/listinfo/secureideas-base-devel > -- --Joel |