[sork] Password disclosure in LDAP Driver passwd-h3-3.1-rc1
Joffrey van Wageningen
joffrey-horde at coolhaven.info
Wed Jan 21 19:10:20 UTC 2009
Hi List,
Thanks for updating the Sork packages, its nice to see the last release
updated to 2009! Although still a RC this version has a nasty password
disclosing (debug?) line in the LDAP Driver of Password:
$Horde: passwd/lib/Driver/ldap.php,v 1.41.2.6 2009/01/06 15:25:23 jan Exp $
line 131: return pear::raiseError(_("Incorrect old password.") .
Auth::getCredential('password') .'x');
FYI.
With kind regards,
Joffrey van Wageningen
More information about the sork
mailing list