HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

JsSSOString with hard coded crypt algorithm

In functions.jsconnect.php the function for creating the sso-string for embedded SSO uses the sha1 algorithm therefore ignoring other configurations done vie $secure or in the plugin settings.

Shouldn't the function respect configurations from the local installation?

Sign In or Register to comment.