tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bozo .htpasswd exposure

To: JP <rlntlss83%gmail.com@localhost>
Subject: Re: bozo .htpasswd exposure
From: Martin Husemann <martin%duskware.de@localhost>
Date: Tue, 20 Nov 2018 15:34:03 +0100

On Tue, Nov 20, 2018 at 03:31:44PM +0100, Martin Husemann wrote:
> On Tue, Nov 20, 2018 at 09:19:55AM -0500, JP wrote:
> > I don't see any code preventing the exposure of the file
> 
> AUTH_FILE is missing from bozo_check_special_files() ?

No, that one calls bozo_auth_check_special_files() and there is the check
that you are looking for.

Martin

Follow-Ups:
- Re: bozo .htpasswd exposure
  - From: JP

References:
- bozo .htpasswd exposure
  - From: JP
- Re: bozo .htpasswd exposure
  - From: Martin Husemann

Prev by Date: Re: bozo .htpasswd exposure
Next by Date: Re: bozo .htpasswd exposure
Previous by Thread: Re: bozo .htpasswd exposure
Next by Thread: Re: bozo .htpasswd exposure
Indexes:

Home | Main Index | Thread Index | Old Index