2.4.1 - fix bruteforce countermeasure to avoid a logout in certain circumstances

User avatar
axew3
w3all User
w3all User
Posts: 2689
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

2.4.1 - fix bruteforce countermeasure to avoid a logout in certain circumstances

Post by axew3 »

Released 2.4.1
== Changelog ==

= 2.4.1 =
*Release Date - 5 Jan, 2021*

* Fix Bruteforce countermeasure, to avoid logout of the legit logged user in certain cases
More specifically, when an user account were detected as bruteforced, the code was following with a logout, that is based than by (cookie) ID.
If a fake session presented, then also the legit logged in user were logged out, due to session deletion for the passed UID.
It has been fixed.
User avatar
axew3
w3all User
w3all User
Posts: 2689
Joined: Fri Jan 22, 2016 5:15 pm
Location: Italy
Contact:

Re: 2.4.1 - fix bruteforce countermeasure to avoid a logout in certain circumstances

Post by axew3 »

Released 2.4.2
== Changelog ==

= 2.4.2 =
*Release Date - 5 Jan, 2021*

* Fix all Bruteforce countermeasure flow, to avoid loops in certain cases and to correctly manage bruteforce array cleanup
* Fix mChat flow and code, removing unwanted (and not necessary) phpBB user's capabilities query
Post Reply