Possible buffer overflow with long user name [CORE1603] #2024
Commented by: @AlexPeshkoff
There is no control on length of user name, i.e. one passed in DPB can be up to 255 bytes. Buffer for user name, passed from getUserInfo() into verifyUser(), is 129 bytes long, but the first thing done by verifyUser(), is copying value from DPB to that buffer - without any size check.