Subj : hackwarn.txt sent to wrong user if password inquiry is selected?
To   : g00r00
From : Bj”rn Wiberg
Date : Thu Mar 24 2022 08:58 pm

Hello g00r00!

I'm not sure, but I might have stumbled on a small bug related to password inquiries --

If a user (here, "guest") enters the wrong password a number of times ("Login Attempts" times), and chooses not to send a password inquiry to the SysOp, the file hackwarn.txt is correctly sent to the user:

N    58 Possible hack attempt                  Zip             guest

But if the user chooses to send a password inquiry to the SysOp, the recipient of hackwarn.txt appears to become the same as that of the password inquiry (i.e. the "Feedback To" user):

N    59 Password Inquiry                       Unknown         Zip
N    60 Possible hack attempt                  Zip             Zip

Here, I would have expected the recipient of the last email to be "guest" instead of "Zip".

Is this also so for you?

Thanks in advance!

Best regards
Bj”rn

--- Mystic BBS v1.12 A48 2022/03/11 (Linux/64)
 * Origin: Star Collision BBS, Uppsala, Sweden (2:201/137)

.