Hi Steve

On Wednesday 06 July 2005 11:57, Steve <St> wrote:
> Author: Stefan Lochbihler
> Date: 6 July 2005
> Affected Software: PHPXMAIL
> Software Version: 0.7 -> 1.1
> Software URL: http://phpxmail.sourceforge.net/
> Attack: Authentication Bypass

[...details snipped...]

> The problem occurs when we try to log in with an overlong password
> because we get no response message from the server and the function
> doesn't exit.
>
> Now when we log in with a username like postmaster@localhost and an
> overlong password
> we bypass the error handler and successfully log in.

[...]

> Solution: Maybe insert a maxsize tag to the password input field.
>
>
>
> Discovered by Steve

Erm... a maxsize tag will not prevent the attack at all.

J
-- 
There is no such thing as fortune. Try again.
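
Added example, not part of the original message and not PHPXMAIL's code: a PHP sketch of the fail-open login logic the advisory describes, next to a fail-closed version that enforces the length limit on the server, since an HTML length attribute is only applied by the browser. The function names, the `+`/`-` reply prefixes and the 128-byte limit are assumptions made for illustration.

```php
<?php
// Added illustration; NOT PHPXMAIL's code. Function names, the "+"/"-"
// reply prefixes and the length limit are assumptions for this sketch.

const MAX_PASSWORD_BYTES = 128; // constructed limit, enforced server-side

// Fail-open pattern described in the advisory: only an explicit error
// reply rejects the login, so a missing reply falls through to success.
function login_fail_open($reply): bool
{
    if (is_string($reply) && strncmp($reply, '-', 1) === 0) {
        return false;   // error handler runs only when a reply arrives
    }
    return true;        // no reply at all is treated as "logged in"
}

// Fail-closed form: bound the input on the server and require an
// explicit positive reply before the session is considered valid.
function login_fail_closed(string $password, callable $askBackend): bool
{
    if ($password === '' || strlen($password) > MAX_PASSWORD_BYTES) {
        return false;   // rejected before the backend is contacted
    }
    $reply = $askBackend($password);
    return is_string($reply) && strncmp($reply, '+', 1) === 0;
}

// Constructed stand-in for the mail server: silent on oversized input.
$backend = function (string $password) {
    if (strlen($password) > 256) {
        return false;   // simulates "no response message from the server"
    }
    return $password === 'correct-horse' ? '+OK' : '-ERR bad login';
};

// Constructed request body; a form attribute does not constrain it.
$long = str_repeat('A', 4096);

var_dump(login_fail_open($backend($long)));             // fail-open result
var_dump(login_fail_closed($long, $backend));           // length check
var_dump(login_fail_closed('wrong', $backend));         // explicit error
var_dump(login_fail_closed('correct-horse', $backend)); // explicit success
```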