Forum rules
Under no circumstances is spamming or advertising of any kind allowed. Do not post any abusive, obscene, vulgar, slanderous, hateful, threatening, sexually-orientated or any other material that may violate others security. Profanity or any kind of insolent behavior to other members (regardless of rank) will not be tolerated. Remember, what you don’t find offensive can be offensive to other members. Please treat each other with the kind of reverence you’d expect from other members.
Failure to comply with any of the above will result in users being banned without notice. If any further details are needed, contact: “The team” using the link at the bottom of the forum page. Thank you.
samsamsam
Posts: 17
Joined: Sun Aug 16, 2015 3:27 pm

Security hole ? http://api.opensubtitles.org/xml-rpc - LogIn - method

Sat Apr 08, 2017 6:12 pm

Hello,

I think there is BIG issue with login.
When you log in with valid login and password once then login will always success event when you change login or password to invalid.
Also when you change login and password to valid but for diffrent user then always first user is loged?

How it is possible? Are you remember user by IP?

Can you check this please?

Thank you,
SSS

User avatar
oss
Site Admin
Posts: 5879
Joined: Sat Feb 25, 2006 11:26 pm
Contact: Website

Re: Security hole ? http://api.opensubtitles.org/xml-rpc - LogIn - method

Mon Apr 10, 2017 7:02 am

Hi

there is no issue, you are saving cookies. Communicate with API without cookies....

samsamsam
Posts: 17
Joined: Sun Aug 16, 2015 3:27 pm

Re: Security hole ? http://api.opensubtitles.org/xml-rpc - LogIn - method

Mon Apr 10, 2017 8:20 am

Hello,

But even if, this is not normal that when you request new login with different user and password. You got success log on with previous user.

Do you agree?

Thanks,
SSS

User avatar
oss
Site Admin
Posts: 5879
Joined: Sat Feb 25, 2006 11:26 pm
Contact: Website

Re: Security hole ? http://api.opensubtitles.org/xml-rpc - LogIn - method

Mon Apr 10, 2017 10:38 am

send me code, that I can try and simulate the problem.

Return to “Developing”

Who is online

Users browsing this forum: No registered users and 20 guests