[Vtigercrm-developers] flaw in vtws_getchallenge
Hamono, Chris (DPC)
Chris.Hamono at sa.gov.au
Fri Mar 28 01:01:10 GMT 2014
vtws_getchallenge does not adequately check for a valid user.
If an invalid user is passed to it, it should fail or throw an exception.
Instead it creates an entry in the database with a null userid
Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140328/4522087d/attachment.html>
More information about the vtigercrm-developers
mailing list