New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

关于验证码的安全问题 #270

Open

aofengdaxia opened this issue Apr 14, 2021 · 1 comment

aofengdaxia commented Apr 14, 2021

作者在LoginFilter中完成了对验证码的判断。在判断后没有及时的设置验证码的失效，会带来浅在的安全问题。
具体表现为：只需要请求一次验证码的url，然后用模拟发送http的程序去不断的穷举用户名和密码，验证码不会发生变化。

tangning9495 commented Apr 28, 2021

这个项目怎么样？我马上参加校招，这个能作为工程项目吗

作者在LoginFilter中完成了对验证码的判断。在判断后没有及时的设置验证码的失效，会带来浅在的安全问题。
具体表现为：只需要请求一次验证码的url，然后用模拟发送http的程序去不断的穷举用户名和密码，验证码不会发生变化。

Jiangt333 added a commit to Jiangt333/vhr that referenced this issue


          resolve issue 270 lenve#270

b491165

Jiangt333 mentioned this issue

resolve issue 270 https://github.com/lenve/vhr/issues/270 #341

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment