“I logged into the admin app.”

Julie’s boss had the username and password for the admin app, so that wasn’t too surprising.

“With my regular username and password,” her boss added.

That was a bit more of a problem. The app in question was an internal, home-grown CMS. The admin portion of it was secured by a single username/password combo, controlled by a config file. It wasn’t the most secure thing on Earth, but it should at least be secure enough that you needed to supply the correct values.

Julie checked the code, and found that wasn’t the case:

if (inputLogin.Length == configFileLogin.Length && inputPassword.Length == configFilePassword.Length)
{
    return true;
}
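For contrast, here is the length-only check beside a comparison of the actual values. This is an added example, not code from the CMS in the story; the class, method names and sample credentials are constructed for illustration, and it assumes .NET 5 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class AdminLogin
{
    // The check from the article: only the lengths are compared.
    public static bool LengthOnlyCheck(string inputLogin, string inputPassword,
                                       string configFileLogin, string configFilePassword)
    {
        return inputLogin.Length == configFileLogin.Length
            && inputPassword.Length == configFilePassword.Length;
    }

    // Corrected check: compare the values themselves.
    public static bool ValueCheck(string inputLogin, string inputPassword,
                                  string configFileLogin, string configFilePassword)
    {
        // Evaluate both fields (non-short-circuit &) so the response time
        // does not reveal which of the two was wrong.
        bool loginOk = FixedTimeStringEquals(inputLogin, configFileLogin);
        bool passwordOk = FixedTimeStringEquals(inputPassword, configFilePassword);
        return loginOk & passwordOk;
    }

    private static bool FixedTimeStringEquals(string a, string b)
    {
        // Hash first so both buffers are the same size; FixedTimeEquals
        // returns immediately when the lengths differ.
        byte[] ha = SHA256.HashData(Encoding.UTF8.GetBytes(a ?? ""));
        byte[] hb = SHA256.HashData(Encoding.UTF8.GetBytes(b ?? ""));
        return CryptographicOperations.FixedTimeEquals(ha, hb);
    }

    static void Main()
    {
        // Constructed sample values, not taken from the article.
        const string cfgLogin = "admin", cfgPassword = "S3cret!pw";
        // A different account whose login and password happen to have the same lengths.
        const string otherLogin = "julie", otherPassword = "hunter2xy";

        Console.WriteLine(LengthOnlyCheck(otherLogin, otherPassword, cfgLogin, cfgPassword));
        Console.WriteLine(ValueCheck(otherLogin, otherPassword, cfgLogin, cfgPassword));
        Console.WriteLine(ValueCheck(cfgLogin, cfgPassword, cfgLogin, cfgPassword));
    }
}
```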
