Improved new account security.

Since chpasswd takes multiple username:password lines
it was possible to change the password of any account:
curl -data "username=attacker&password=%0aroot:omghax" -k https://ctf/new

0 files changed, 0 insertions, 0 deletions