by umbrai_nation 3529 days ago
Wait, so it creates a privileged session before verifying the password? That's your problem right there. A crash in the JSON processor (or anywhere else) is a minor blip compared to this godzilla bug of granting access before it's been earned.
1 comments

Spot on! But if the JSON parser couldn't crash on malformed input, that kind of whopping mistake would be a lot harder to exploit.