“I logged into the admin app.”

Julie’s boss had the username and password for the admin app, so that wasn’t too surprising.

“With my regular username and password,” her boss added.

That was a bit more of a problem. The app in question was an internal, home-grown CMS. The admin portion of it was secured by a single username/password combo, controlled by a config file. It wasn’t the most secure thing on Earth, but it should at least be secure enough that you needed to supply the correct values.

Julie checked the code, and found that wasn’t the case:

if (inputLogin.Length == configFileLogin.Length && inputPassword.Length == configFilePassword.Length)
{
    return true;
}
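
The length-only check from the snippet above, next to a version that compares the actual values in constant time. This is an added example, not code from the CMS in the story; the class name, method names and sample credentials are constructed for illustration, and it assumes .NET 5 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class AdminLogin
{
    // The check from the story: only the lengths are compared, so any
    // login/password pair with matching lengths is accepted.
    public static bool LengthOnlyCheck(string inputLogin, string inputPassword,
                                       string configFileLogin, string configFilePassword)
    {
        return inputLogin.Length == configFileLogin.Length
            && inputPassword.Length == configFilePassword.Length;
    }

    // Hash both sides so the buffers always have the same size, then compare
    // them in constant time so timing does not reveal how much matched.
    static bool SameValue(string supplied, string expected)
    {
        byte[] a = SHA256.HashData(Encoding.UTF8.GetBytes(supplied ?? ""));
        byte[] b = SHA256.HashData(Encoding.UTF8.GetBytes(expected ?? ""));
        return CryptographicOperations.FixedTimeEquals(a, b);
    }

    // Hardened form: both values must match. The non-short-circuit '&'
    // evaluates both comparisons even when the login is already wrong.
    public static bool ValueCheck(string inputLogin, string inputPassword,
                                  string configFileLogin, string configFilePassword)
    {
        return SameValue(inputLogin, configFileLogin)
             & SameValue(inputPassword, configFilePassword);
    }

    static void Main()
    {
        // Constructed sample values: same lengths (5 and 10), different contents.
        const string cfgLogin = "admin", cfgPassword = "S3cretPass";
        const string otherLogin = "julie", otherPassword = "hunter2000";

        Console.WriteLine("length-only, other creds:  "
            + LengthOnlyCheck(otherLogin, otherPassword, cfgLogin, cfgPassword));
        Console.WriteLine("value check, other creds:  "
            + ValueCheck(otherLogin, otherPassword, cfgLogin, cfgPassword));
        Console.WriteLine("value check, config creds: "
            + ValueCheck(cfgLogin, cfgPassword, cfgLogin, cfgPassword));
    }
}
```

A regression test for this login path should include a wrong credential pair whose lengths match the configured ones, since that is the one case the original check cannot tell apart from a correct login.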
