hacker
119
edits
mNo edit summary |
No edit summary |
||
Around the begining of the Spring 2005 semester [[User:Jon787|Jon DeVree]] and [[User:Dark-Fx|Brian McPherson]] found a flaw in the system that allowed any self-signed certificate to be authenticate by the system. This allowed them to generate cookies that expired in years instead of hours and even cookies that were for other users. They utilized this to create phony users like [[EERC_Tree]], and vanity userids for [[User:Dark-Fx|Dark-Fx]] and [[User:xobes|xobes]] on the [[Barkboard|Barkboards]]. DCS fixed the flaw shortly after Jon and Brian reported it.
As of the end of August 2005 the old login system has been completely replaced by a newer and more secure version that resembles an attempt to implement kerberos with cookies.
[http://www.login.mtu.edu/docs/public/mtuiso/ ISO Documentation]
|