PHP Classes

Possible bug in GetUserScratchPasswordsArray

Recommend this page to a friend!

      multiOTP PHP class  >  All threads  >  Possible bug in...  >  (Un) Subscribe thread alerts  
Subject:Possible bug in...
Summary:GetUserScratchPasswordsArray returns empty string
Author:Sean Butler-Lee
Date:2013-09-20 15:01:47
Update:2013-09-22 22:10:12

  1. Possible bug in...   Reply   Report abuse  
Picture of Sean Butler-Lee Sean Butler-Lee - 2013-09-20 15:01:47
I think I've found a security hole in GetUserScratchPasswordsArray. If run for a user with no scratch passwords, instead of returning an empty array, it returns an empty string. When the CheckToken function does a ForEach over the output from this function, it ends up authenticating a blank password as valid.

I've fixed this in my copy by replacing GetUserScratchPasswordsArray with the following:

function GetUserScratchPasswordsArray($user = '')
if ('' != $user)
if ($this->_user_data['scratch_passwords'] != '') {
return (explode(",",$this->_user_data['scratch_passwords']));
} else {
return array();

  2. Re: Possible bug in...   Reply   Report abuse  
Picture of André Liechti André Liechti - 2013-09-22 22:10:12 - In reply to message 1 from Sean Butler-Lee
Yes, thanks, it has been corrected.
Best regards,