Fix authentication bypass exploit
Fixes the exploit by setting the requirement of the var to true, causing a side effect of the tests running, not the shell, making the exploit useless.
LiuWoodsCode committed Dec 27, 2022
1 parent a377446 commit c658b4f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core.py
Expand Up @@ -112,7 +112,7 @@ def actualsys() :
if attemps == 6:
## Brute force protection
raise Exception("Too many password attempts. Because of the risk of a brute force attack, after 6 attempts, you will need to rerun LiuOS to try 6 more times.")
if os.environ.get('GITHUB_ACTIONS') != "":
if os.environ.get('GITHUB_ACTIONS') == "true":
logging.warning("Running on Github Actions")
actualsys()
elif username == cred.loginname and pwdreshash == cred.loginpass:
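Review bot: The new `os.environ.get('GITHUB_ACTIONS') == "true"` test still sits ahead of the `elif username == cred.loginname and pwdreshash == cred.loginpass` branch, so the credential comparison is skipped whenever that environment variable holds "true", and the value is set by whoever launches the process. The change does close the unset case (`os.environ.get` returns `None` there, and `None != ""` was true, so the old branch was taken on every normal run), but the login decision should not depend on the environment at all. Consider moving the CI path into a separate test entry point that never reaches the shell, and leaving only the credential check in this `if`/`elif` chain. A short comment on the condition explaining why CI is special-cased would also help, since the only comment in the hunk is the one about brute force protection.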