jeffalo @jeffalo

i had a zoom call with people to discuss a major vulnerability i found.

May 6, 2023, 1:57 PM
25
View all Parent

comments

Highlighted comment
jeffalo @jeffalo May 7, 2023, 7:10 PM

really?
mrowlsss @mrowlsss May 13, 2023, 3:26 AM

i think we’re talking about different things, its when i logged into poprock’s account with a password, even though he had no password assigned.
jeffalo @jeffalo May 13, 2023, 11:33 AM

uh thats bad.
mrowlsss @mrowlsss May 14, 2023, 2:26 PM

i cant do it anymore if i try doing it with @owlsss-owlclient

mrowlsss @mrowlsss May 14, 2023, 2:26 PM

i think you already fixed it
jeffalo @jeffalo May 15, 2023, 6:22 AM

this sounds like a bug with your client rather than the server — as far as i can tell, i haven’t touched auth code in years
mrowlsss @mrowlsss May 18, 2023, 12:15 PM

huh, maybe, idk
mrowlsss @mrowlsss May 18, 2023, 12:16 PM

all i know is apparently i logged into an account with a password even though the account had no password assigned, and then you gave me a warning
jeffalo @jeffalo May 18, 2023, 1:43 PM

that sounds more like the user configured their account wrong. right now its possible for someone to set their password to be blank (which is different from disabling password login).