Full Disclosure mailing list archives
Authentication flaw in Web Wiz forum
From: "Alexander" <pk95 () yandex ru>
Date: Wed, 3 Mar 2004 00:20:30 +0300
Product: Web Wiz forum 7.0-7.7a www.webwizforum.com Risk: Medium Date: 02 March, 2004 Autor: Pig Killer and Michael ( www.SecurityLab.ru) When user log on forum, for his cookies identification forum using User_code value from tblAutor table from underlying database, which doesn't change with changing of password. As a result, when user change password, he can register in the forum using old cookies. As a result, if users cookies was compromised (for example by XSS), then even password changing will doesn't protect his account from unauthorized using. The forum also allows logged in user to change the password without entering the old one. Thus, having cookie, you can change the password without knowing the old one. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- The Cult of a Cardinal Number Phantasmal Phantasmagoria (Mar 02)
- Authentication flaw in Web Wiz forum Alexander (Mar 02)
- Re: Authentication flaw in Web Wiz forum Bruce Corkhill (Mar 02)
- Re: The Cult of a Cardinal Number Mark Lowes (Mar 03)
- <Possible follow-ups>
- Re: The Cult of a Cardinal Number Phantasmal Phantasmagoria (Mar 04)
- Authentication flaw in Web Wiz forum Alexander (Mar 02)