• hackwarn.txt sent to wrong user if password inquiry is selected?

    From Björn Wiberg@2:201/137 to g00r00 on Thursday, March 24, 2022 20:58:35
    Hello g00r00!

    I'm not sure, but I might have stumbled on a small bug related to password inquiries --

    If a user (here, "guest") enters the wrong password a number of times ("Login Attempts" times), and chooses not to send a password inquiry to the SysOp, the file hackwarn.txt is correctly sent to the user:

    N 58 Possible hack attempt Zip guest

    But if the user chooses to send a password inquiry to the SysOp, the recipient of hackwarn.txt appears to become the same as that of the password inquiry (i.e. the "Feedback To" user):

    N 59 Password Inquiry Unknown Zip
    N 60 Possible hack attempt Zip Zip

    Here, I would have expected the recipient of the last email to be "guest" instead of "Zip".

    Is this also so for you?

    Thanks in advance!

    Best regards
    Björn

    --- Mystic BBS v1.12 A48 2022/03/11 (Linux/64)
    * Origin: Star Collision BBS, Uppsala, Sweden (2:201/137)