Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #11244: Random value used to confirm an email change should be checked in constant time

Download Browse

It should be possible to retrieve the random token without having access to the email sent for the email change. Currently, the token might be retrieved through timing leaks. Change-Id: I252e1f706be79086a53b0f989ca7074cba81d019

+11 −25
Thomas Gerbet (tgerbet) 2018-03-06 12:28
Thomas Gerbet (tgerbet) 2018-03-07 13:44
fbb89578ee813ae1fc6094127d4000bc49cd0be4
6bd44b6d7d13a11a90f0070b1d640c0c464eca65
git #tuleap/stable/fbb89578ee813ae1fc6094127d4000bc49cd0be4

Modified Files

Side by side diff
Inline diff
Name
M site-content/fr_FR/LC_MESSAGES/tuleap-core.po +0 −3 Go to diff View file
M site-content/tuleap-core.pot +0 −3 Go to diff View file
M src/common/user/Account/ChangePasswordController.php +11 −19 Go to diff View file