Representative Line: Secure Login

by Remy Porter, from The Daily WTF (#35TFJ)

"I logged into the admin app."

Julie's boss had the username and password for the admin app, so that wasn't too surprising.

"With my regular username and password," her boss added.

That was a bit more of a problem. The app in question was an internal, home-grown CMS. The admin portion of it was secured by a single username/password combo, controlled by a config file. It wasn't the most secure thing on Earth, but it should at least be secure enough that you needed to supply the correct values.

Julie checked the code, and found that wasn't the case:

    if (inputLogin.Length == configFileLogin.Length && inputPassword.Length == configFilePassword.Length)
    {
        return true;
    }
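The length-only check beside one that compares the values themselves, as an added example (not the CMS's code or the article's). The class and method names and the sample credentials are constructed, and it assumes .NET 5 or later for `SHA256.HashData`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class AdminLogin
{
    // Constructed stand-ins for the values the CMS reads from its config file.
    const string ConfigFileLogin = "admin";
    const string ConfigFilePassword = "s3cret-pw";

    // The check from the article: only the lengths are compared, so any
    // 5-character login with any 9-character password is accepted here.
    public static bool LengthOnlyCheck(string inputLogin, string inputPassword)
    {
        return inputLogin.Length == ConfigFileLogin.Length
            && inputPassword.Length == ConfigFilePassword.Length;
    }

    // Compares content. Both sides are hashed first so FixedTimeEquals always
    // receives equal-length buffers, and its running time does not depend on
    // where the inputs differ.
    static bool SameValue(string supplied, string expected)
    {
        byte[] a = SHA256.HashData(Encoding.UTF8.GetBytes(supplied));
        byte[] b = SHA256.HashData(Encoding.UTF8.GetBytes(expected));
        return CryptographicOperations.FixedTimeEquals(a, b);
    }

    public static bool ValueCheck(string inputLogin, string inputPassword)
    {
        // Non-short-circuit & so both comparisons always run.
        return SameValue(inputLogin ?? "", ConfigFileLogin)
             & SameValue(inputPassword ?? "", ConfigFilePassword);
    }

    static void Main()
    {
        // Constructed inputs: wrong values whose lengths happen to match.
        Console.WriteLine(LengthOnlyCheck("julie", "hunter234"));
        Console.WriteLine(ValueCheck("julie", "hunter234"));
        // The configured values.
        Console.WriteLine(ValueCheck("admin", "s3cret-pw"));
    }
}
```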