tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bozo .htpasswd exposure



On Tue, Nov 20, 2018 at 03:31:44PM +0100, Martin Husemann wrote:
> On Tue, Nov 20, 2018 at 09:19:55AM -0500, JP wrote:
> > I don't see any code preventing the exposure of the file
> 
> AUTH_FILE is missing from bozo_check_special_files() ?

No, that one calls bozo_auth_check_special_files() and there is the check
that you are looking for.

Martin


Home | Main Index | Thread Index | Old Index