tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rémy Maucherat <remy.mauche...@gmail.com>
Subject Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication
Date Thu, 04 Jun 2009 17:04:32 GMT
On Thu, Jun 4, 2009 at 6:48 PM, Christopher Schultz
<chris@christopherschultz.net> wrote:
> I don't see any information disclosure vulnerability in the first place,
> and I don't see how your patch would have fixed it.
>
> ??!

The behavior was different if the user is not found of if the password is wrong.
(ok, the security issue is not exactly very serious)

Rémy

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message