
Security hole ? http://api.opensubtitles.org/xml-rpc - LogIn - method

Posted: Sat Apr 08, 2017 6:12 pm
by samsamsam
Hello,

I think there is a BIG issue with login.
When you log in with a valid login and password once, then login will always succeed even when you change the login or password to an invalid one.
Also, when you change the login and password to valid ones but for a different user, then always the first user is logged in?

How is it possible? Do you remember the user by IP?

Can you check this please?

Thank you,
SSS

Re: Security hole ? http://api.opensubtitles.org/xml-rpc - LogIn - method

Posted: Mon Apr 10, 2017 7:02 am
by oss
Hi

There is no issue, you are saving cookies. Communicate with the API without cookies....

Re: Security hole ? http://api.opensubtitles.org/xml-rpc - LogIn - method

Posted: Mon Apr 10, 2017 8:20 am
by samsamsam
Hello,

But even so, it is not normal that when you request a new login with a different user and password, you get a successful logon with the previous user.

Do you agree?

Thanks,
SSS

Re: Security hole ? http://api.opensubtitles.org/xml-rpc - LogIn - method

Posted: Mon Apr 10, 2017 10:38 am
by oss
Send me code so that I can try and simulate the problem.