Thanks for your bug report. It does look like this could lead to information leakage in the exception handler cases where attempts > 0 and possibly when the exception is propagated up (when attempts == 0).
I'm marking the OSSA bug task as incomplete until discussed with other VMT members as to whether we will issue an advisory for this problem.
Thanks for your bug report. It does look like this could lead to information leakage in the exception handler cases where attempts > 0 and possibly when the exception is propagated up (when attempts == 0).
I'm marking the OSSA bug task as incomplete until discussed with other VMT members as to whether we will issue an advisory for this problem.