www programming

integration and scripts forums
https://www.axew3.com/w3/forums/

2.4.1 - fix bruteforce countermeasure to avoid a logout in certain circumstances

https://www.axew3.com/w3/forums/viewtopic.php?t=1611

Page 1 of 1

2.4.1 - fix bruteforce countermeasure to avoid a logout in certain circumstances

Posted: Tue Jan 05, 2021 12:27 am
by axew3
Released 2.4.1
== Changelog ==

= 2.4.1 =
*Release Date - 5 Jan, 2021*

* Fix Bruteforce countermeasure, to avoid logout of the legit logged user in certain cases
More specifically, when an user account were detected as bruteforced, the code was following with a logout, that is based than by (cookie) ID.
If a fake session presented, then also the legit logged in user were logged out, due to session deletion for the passed UID.
It has been fixed.

Re: 2.4.1 - fix bruteforce countermeasure to avoid a logout in certain circumstances

Posted: Tue Jan 05, 2021 10:22 pm
by axew3
Released 2.4.2
== Changelog ==

= 2.4.2 =
*Release Date - 5 Jan, 2021*

* Fix all Bruteforce countermeasure flow, to avoid loops in certain cases and to correctly manage bruteforce array cleanup
* Fix mChat flow and code, removing unwanted (and not necessary) phpBB user's capabilities query
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited