[Svn] [roundcube/roundcubemail] 3d9798: Make brute force attacks harder by re-generating s...

GitHub noreply at github.com
Mon Sep 28 08:59:11 CEST 2015


  Branch: refs/heads/release-1.1
  Home:   https://github.com/roundcube/roundcubemail
  Commit: 3d9798da1f9d130abffad3cb429ac3be677791c5
      https://github.com/roundcube/roundcubemail/commit/3d9798da1f9d130abffad3cb429ac3be677791c5
  Author: Aleksander Machniak <alec at alec.pl>
  Date:   2015-09-28 (Mon, 28 Sep 2015)

  Changed paths:
    M CHANGELOG
    M program/lib/Roundcube/rcube.php

  Log Message:
  -----------
  Make brute force attacks harder by re-generating security token on every failed login (#1490549)

Or more precissely use the same we did in git-master, i.e. do not base the token on
session ID, but use random bytes instead.




More information about the svn mailing list