Package: slash
Severity: normal
Tags: security

slash assigns guessable initial passwords to users. This means that it is possible to bypass the email C&R process, and create accounts using other people's email addresses. The relevant code is in Slash/Utility/Data/Data.pm:

    sub changePassword {
        return join '', map { $chars[rand @chars] } 0 .. 7;
    }

This has been assigned CAN-2001-1535.
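
An added Perl example, not part of the original report or of Slash's code: it contrasts a generator built on Perl's built-in rand(), a non-cryptographic PRNG whose output is fully determined by its seed, with one that draws from the kernel CSPRNG. The contents of @chars, the function names, the seed value and the 16-character default length are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed alphabet: the report does not show what @chars contains.
my @chars = ('a' .. 'z', 'A' .. 'Z', 0 .. 9);

# Generator in the style quoted in the report: built-in rand().
sub weak_password {
    return join '', map { $chars[rand @chars] } 0 .. 7;
}

# Hardened variant: read bytes from the kernel CSPRNG and use rejection
# sampling so that every character of the alphabet is equally likely.
sub strong_password {
    my ($len) = @_;
    $len ||= 16;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    # Largest multiple of the alphabet size that fits in one byte.
    my $limit = 256 - (256 % @chars);
    my $out = '';
    while (length($out) < $len) {
        my $n = read($fh, my $byte, 1);
        die "short read from /dev/urandom" unless $n;
        my $v = ord $byte;
        next if $v >= $limit;    # reject values that would bias the modulo
        $out .= $chars[$v % @chars];
    }
    close $fh;
    return $out;
}

# rand() output is a pure function of the seed: reseeding with the same
# value (constructed here) replays exactly the same password.
srand(12345);
my $first = weak_password();
srand(12345);
my $second = weak_password();
print "rand()-based, same seed twice: $first / $second (",
    ($first eq $second ? "identical" : "different"), ")\n";

print "urandom-based: ", strong_password(), "\n";
```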