Redmine

2009-05-15

09:03 Redmine Defect #3351: Weak autologin token generation algorithm causes duplicate tokens

Jean-Philippe Lang wrote:
> That's what I did when I said that I never experienced this issue.
Probably you are n... Alexander Pavlov

2009-05-14

10:00 Redmine Defect #3351: Weak autologin token generation algorithm causes duplicate tokens

Also, you could check your DB to ensure you have really never affected by this vulnerability... Alexander Pavlov

09:58 Redmine Defect #3351: Weak autologin token generation algorithm causes duplicate tokens

Small example from our developers... Alexander Pavlov

09:47 Redmine Defect #3351: Weak autologin token generation algorithm causes duplicate tokens

>I never experienced
We suspect it is due to process forking which leads to random sequence seed *inherited* from ... Alexander Pavlov

2009-05-13

11:06 Redmine Defect #3351: Weak autologin token generation algorithm causes duplicate tokens

Also, I suggest to deny login if search by autologin within Token table returned 2 or more records - it allows to pre... Alexander Pavlov

10:56 Redmine Defect #3351 (Closed): Weak autologin token generation algorithm causes duplicate tokens

After switching to mod_passenger we got 7 (seven!) duplicated autologin tokens within 2 weeks. It caused some changes... Alexander Pavlov

2009-03-06

12:11 Redmine Defect #2719: Increase username length limit from 30 to 60

Enderson Maia wrote:
> Added a patch that fixes it on 0.8-stable
Thank you, Enderson! Alexander Pavlov

2009-02-11

15:16 Redmine Defect #2719 (Closed): Increase username length limit from 30 to 60

We use LDAP authorization and our logins consist of firstname.lastname.companyname.
As result, we faced problem wi... Alexander Pavlov