HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

JsSSOString with hard coded crypt algorithm

This discussion is related to the Vanilla jsConnect addon.

In functions.jsconnect.php the function for creating the sso-string for embedded SSO uses the sha1 algorithm therefore ignoring other configurations done vie $secure or in the plugin settings.

Shouldn't the function respect configurations from the local installation?

Sign In or Register to comment.