Quote:
|
Originally Posted by Sane
Wow! That's a useful import! Thanks!
|
It's not the godsend you think it is Sane. Is no one else seeing the flaw with that? You've got a direct string comparison. Anyone with a decompiler can easily change that test (from == to !=) and there you have it - no need to enter the correct password. Much less effort than trying to brute force the password or whatever. There's just no real point in pursuing this further.