-
- Downloads
Disallow current time as a session key (fix: #19, CVE-2020-11728)
We never set a cookie with the (md5 of the) current time as session key, so there's no need to allow logging in with this brute-force guessable value.
Please register or sign in to comment