[Vtigercrm-developers] flaw in vtws_getchallenge

Joe Bordes joe at tsolucio.com
Sun Apr 6 00:06:06 GMT 2014


Hi,

You can find a proposed patch for coreBOS here:

http://corebos.org/development/view.php?id=110

that should work exactly the same on VT6

Joe
TSolucio


El 28/03/14 02:01, Hamono, Chris (DPC) escribió:
> vtws_getchallenge does not adequately check for a valid user.
> If an invalid user is passed to it, it should fail or throw an exception.
> Instead it creates an entry in the database with a null userid
> Chris
>
>
> _______________________________________________
> http://www.vtiger.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140406/f4ff346f/attachment.html>


More information about the vtigercrm-developers mailing list