Show
Ignore:
Timestamp:
10/22/07 15:06:20 (5 years ago)
Author:
benoitg
Message:
  • Major security fix: Fix the authenticator for a security breach where a user could get Internet access using an empty username. LocalUser? and LDAP were definitely vulnerable, RADIUS may have been.
Files:
1 modified

Legend:

Unmodified
Added
Removed

  • trunk/wifidog-auth/wifidog/classes/Authenticator.php

    r1289 r1304  
    140140            $selectedUser=null; 
    141141        } 
    142          
     142 
    143143        $smarty=SmartyWiFiDog::getObject(); 
    144144        // Set network selector 
     
    163163    { 
    164164        if (!empty($_REQUEST["login_form_submit"])) { 
    165                     if (isset($_REQUEST["user_id"])) { 
     165            if (isset($_REQUEST["user_id"])) { 
    166166                $username = User::getObject($_REQUEST["user_id"])->getUsername(); 
    167167            } 
     
    173173                $password = $_REQUEST["password"]; 
    174174            } 
    175              
     175 
    176176            // Authenticating the user through the selected auth source. 
    177177            $network = Network::processSelectUI('auth_source');