[Ruby] Proper Way to Report a Security Hole in LoginGenerator?
Ryan Davis
ryand-ruby at zenspider.com
Wed Jun 27 23:03:06 PDT 2007
On Jun 27, 2007, at 21:42 , Aaron Goldfeder wrote:
> I'm a complete noob to the rails community and any help is
> appreciated.
>
> I found a security bug in the LoginGenerator gem (1.2.2). Its part
> of the
> generated code so may be in quite a few sites. Easy to exploit,
> easy to
> fix. On a scale of 1-5 where 5 is most severe, i'd call it a 3.
I would email him directly: tobi at leetsoft dot com
More information about the Ruby
mailing list