Timestamp:
10/22/07 15:06:20 (5 years ago)
Author:
benoitg
Message:
  • Major security fix: Fix the authenticator for a security breach where a user could get Internet access using an empty username. LocalUser and LDAP were definitely vulnerable, RADIUS may have been.
Files:
1 modified

  • trunk/wifidog-auth/wifidog/classes/Authenticators/AuthenticatorRadius.php

    r1249 r1304  
    174174         
    175175        $db = AbstractDb::getObject(); 
    176  
     176        User :: setCurrentUser(null);//This should fix a security hole if using an empty username.  I didn't have time to audit the radius code to see if it really was vulnerable, and code a better fix. 
    177177        // Init values 
    178178        $retval = false;
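
Review bot: The added line at r1304:176 clears the current user, but nothing visible in this hunk rejects an empty username before authentication proceeds, and the comment itself says the RADIUS code was not audited. Consider an explicit early check that returns failure when the supplied username is empty, so the fix does not depend solely on resetting session state with `User :: setCurrentUser(null);`. The commit message names LocalUser and LDAP as definitely vulnerable, yet this changeset lists only AuthenticatorRadius.php as modified; confirm that those authenticators carry the equivalent change. The remark about the missing audit would be better tracked in a ticket than left in an inline comment.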