[Info-vax] OT: Review your password-checking $acm[w] calls
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Fri Oct 25 20:52:46 EDT 2013
On 2013-10-24, Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>
> If you have or find an $acm or $acmw call in any password-checking
> source code, then you will want to confirm either ACME$_LOGON_TYPE set
> to ACME$K_NETWORK (with IMPERSONATE) or the presence of source code to
> handle the ACME$_OPINCOMPL status. If not, you might (do?) have a
> latent bug.
>
> Related: <http://h71000.www7.hp.com/doc/731final/5841/5841pro_088.html>
><http://labs.hoffmanlabs.com/node/1260#comment-2993>
>
> Yeah. It's a stupid coding bug. A bug that won't show in most
> testing. Don't make it.
>
Isn't this the bug I was responsible for finding ?
If so, you really do need to be within the expiring password window
to experience this; IIRC as soon as I reset my password Hoff's utility
worked just fine.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list