Full Disclosure mailing list archives
Re: Authentication flaw in Web Wiz forum
From: "Alexander" <pk95 () yandex ru>
Date: Wed, 3 Mar 2004 00:40:29 +0300
Hi all again! This bug works only when password changes using "Forgotten your password?" future. The user code is changed when changing the password using "user profile". Sorry for my mistake. ----- Original Message ----- From: "Alexander" <pk95 () yandex ru> To: <full-disclosure () lists netsys com> Cc: "Bruce Corkhill" <bruce () webwizguide info> Sent: Wednesday, March 03, 2004 12:20 AM Subject: Authentication flaw in Web Wiz forum
Product: Web Wiz forum 7.0-7.7a www.webwizforum.com Risk: Medium Date: 02 March, 2004 Autor: Pig Killer and Michael ( www.SecurityLab.ru) When user log on forum, for his cookies identification forum using
User_code
value from tblAutor table from underlying database, which doesn't change with changing of password. As a result, when user change password, he can register in the forum using old cookies. As a result, if users cookies was compromised (for example by XSS), then even password changing will doesn't protect his account from unauthorized using. The forum also allows logged in user to change the password without
entering
the old one. Thus, having cookie, you can change the password without knowing the old one.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Authentication flaw in Web Wiz forum Alexander (Mar 02)
- Re: Re: Authentication flaw in Web Wiz forum Bruce Corkhill (Mar 02)