[RSS Feed/News] Vulnerability Type: No Password Length Restriction leads to Denial of Service

Status
Not open for further replies.

XenForo

Administrative
Reporting it, so at least it's been asked

Just been CC'd onto this mail reporting a Vulnerability within XF

Code:
Vulnerability Type:  No Password Length Restriction leads to Denial of Service

Description:

I am able to create a password with 1000000 words which fully leads to MySQL or server side Denial Of Service attack. Also this issue can dump your database.

You need to decrease password length: There are two reasons for limiting the password size. For one, hashing a large amount of...

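An added example, not part of the original post or of XenForo's code, of the mitigation the quoted report asks for: bound the password size in bytes before any hashing or database work, on both the registration and the login path. The limits, the iteration count, the storage format and all function names are assumptions made for illustration, and Python's PBKDF2 stands in for whatever hash the application actually uses.

```python
import hashlib
import hmac
import os

# Assumed policy values for this example; the post gives no numbers.
MIN_PASSWORD_BYTES = 8
MAX_PASSWORD_BYTES = 4096
PBKDF2_ITERATIONS = 100_000


class PasswordPolicyError(ValueError):
    """Raised before any hashing or database work is done."""


def check_password_size(password: str) -> bytes:
    # Measure bytes, not characters: bytes are what the hash function
    # and the database driver actually have to process.
    raw = password.encode("utf-8")
    if not MIN_PASSWORD_BYTES <= len(raw) <= MAX_PASSWORD_BYTES:
        raise PasswordPolicyError(
            f"password must be {MIN_PASSWORD_BYTES}-{MAX_PASSWORD_BYTES} bytes"
        )
    return raw


def hash_password(password: str) -> str:
    raw = check_password_size(password)  # reject first, hash second
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", raw, salt, PBKDF2_ITERATIONS)
    # Only a fixed-size salt and digest are stored, never the raw input,
    # so the stored value is 97 characters whatever the password length.
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    # The login path also hashes user-supplied input, so it needs the
    # same bound; an oversized guess is refused without hashing it.
    try:
        raw = check_password_size(password)
    except PasswordPolicyError:
        return False
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", raw, bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
```

A request-body size limit at the web server or framework layer complements this check, since it stops an oversized field before the application parses it.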
 