by aflukasz
717 days ago
I believe knowing an existing user name or using a host-dependent value does not matter. The exploit tries to interrupt handlers that are being run due to the login grace period timing out - so we are already at a point where the authentication workflow has ended without passing all the credentials. Plus, in the "Practice" section, they discuss using the user name value as a way to manipulate memory at a certain address, so they want/need to control this value.