2.4.1 - fix bruteforce countermeasure to avoid a logout in certain circumstances


Re: 2.4.1 - fix bruteforce countermeasure to avoid a logout in certain circumstances

by axew3 » Tue Jan 05, 2021 10:22 pm

Released 2.4.2
== Changelog ==

= 2.4.2 =
*Release Date - 5 Jan, 2021*

* Fix all Bruteforce countermeasure flow, to avoid loops in certain cases and to correctly manage bruteforce array cleanup
* Fix mChat flow and code, removing unwanted (and not necessary) phpBB user's capabilities query

2.4.1 - fix bruteforce countermeasure to avoid a logout in certain circumstances

by axew3 » Tue Jan 05, 2021 12:27 am

Released 2.4.1
== Changelog ==

= 2.4.1 =
*Release Date - 5 Jan, 2021*

* Fix Bruteforce countermeasure, to avoid logout of the legit logged user in certain cases
More specifically, when a user account was detected as bruteforced, the code followed with a logout, which is then based on the (cookie) ID.
If a fake session was presented, then the legit logged-in user was also logged out, due to session deletion for the passed UID.
It has been fixed.
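
The failure mode described in the 2.4.1 post above, as an added example that is not the plugin's code: the in-memory session table, the cookie fields `uid` and `sid`, and the function names are hypothetical. The second function is one possible way to scope the logout, assumed for illustration, not the fix shipped in 2.4.1.

```php
<?php
// Constructed session table (session id => user id); not phpBB's real schema.
function make_sessions(): array
{
    return ['sess-legit-aaa' => 42, 'sess-other-bbb' => 7];
}

// Behaviour the post describes before the fix: the logout trusts the UID
// taken from the cookie and deletes every session stored for that UID.
function logout_by_cookie_uid(array $sessions, array $cookie): array
{
    $uid = (int) ($cookie['uid'] ?? 0);
    return array_filter($sessions, fn ($owner) => $owner !== $uid);
}

// Scoped logout (assumed approach): remove only the session the request
// actually presented, and only if it exists and belongs to the claimed UID.
function logout_presented_session(array $sessions, array $cookie): array
{
    $sid = (string) ($cookie['sid'] ?? '');
    $uid = (int) ($cookie['uid'] ?? 0);
    if (isset($sessions[$sid]) && $sessions[$sid] === $uid) {
        unset($sessions[$sid]);
    }
    return $sessions;
}

// Constructed cookie: claims UID 42 but carries a session id that was never issued.
$fakeCookie = ['uid' => '42', 'sid' => 'sess-forged-zzz'];

$afterUidWide = logout_by_cookie_uid(make_sessions(), $fakeCookie);
$afterScoped  = logout_presented_session(make_sessions(), $fakeCookie);

echo 'UID-wide logout, legit session still present: ',
    var_export(isset($afterUidWide['sess-legit-aaa']), true), "\n";
echo 'Scoped logout, legit session still present: ',
    var_export(isset($afterScoped['sess-legit-aaa']), true), "\n";
```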
