Skip to content
Snippets Groups Projects
Commit c2e808cc authored by Florian Schlichting's avatar Florian Schlichting
Browse files

Disallow current time as a session key (fix: #19, CVE-2020-11728) 

We never set a cookie with the (md5 of the) current time as session key,
so there's no need to allow logging in with this brute-force guessable
value.
parent 535505c9
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 4 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment