On Thu, Jun 4, 2009 at 6:48 PM, Christopher Schultz <[email protected]> wrote: > I don't see any information disclosure vulnerability in the first place, > and I don't see how your patch would have fixed it. > > ??!
The behavior was different if the user is not found of if the password is wrong. (ok, the security issue is not exactly very serious) Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
