jeffalo @jeffalo

i had a zoom call with people to discuss a major vulnerability i found.

May 6, 2023, 1:57 PM
25
View all Parent

comments

Highlighted comment

this sounds like a bug with your client rather than the server — as far as i can tell, i haven’t touched auth code in years

huh, maybe, idk

all i know is apparently i logged into an account with a password even though the account had no password assigned, and then you gave me a warning

that sounds more like the user configured their account wrong. right now its possible for someone to set their password to be blank (which is different from disabling password login).