[24071] in bugtraq


Re: Vulnerability in all versions of DCForum from dcscripts.com

daemon@ATHENA.MIT.EDU (David Choi)
Fri Feb 1 14:16:42 2002

Message-ID: <20020201183954.44314.qmail@web20609.mail.yahoo.com>
Date: Fri, 1 Feb 2002 10:39:54 -0800 (PST)
From: David Choi <dcscripts@yahoo.com>
To: shimi <shimi@jct.ac.il>, bugtraq@securityfocus.com
In-Reply-To: <Pine.GSO.4.33_heb2.09.0202011409210.22126-100000@beitza.jct.ac.il>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Let me add that this doesn't affect older versions of
DCForum (DCF99, 98, 97) as those features do not
include the retrieving password feature.

Thanks.

David S. Choi
DCScripts.com


--- shimi <shimi@jct.ac.il> wrote:
> 
> When a user requests a new password for his account, a new password is
> generated and sent to the requester (anyone that knows the username+email
> information, which is usually available in "user profile").
> 
> The problem is that the password is simply the first 6 characters of the
> user's SessionID, which is, of course, known to anybody who knows how to
> see a value in a cookie.
> 
> Hence every user in the world can come to the board, request a new
> password for someone, and then login with that username + 6 first
> characters of the SessionID from the cookie.
> 
> The author has been notified (by me), and even released a patch, but, as
> it appears, didn't bother saying that here, where most of the world will
> be reading it, so I decided to do it myself.
> 
> Here's my post:
> http://www.dcscripts.com/cgi-bin/dcforum/dcboard.cgi?az=read_count&om=1198&forum=dcfBug
> 
> And here's the patch:
> http://www.dcscripts.com/bugtrac/DCForumID7/3.html
> 
>   Best regards,
>      Shimi
> 
> 
> ----
> 
>    "Outlook is a massive flaming horrid blatant security violation, which
>     also happens to be a mail reader."
> 
>    "Sure UNIX is user friendly; it's just picky about who its friends are."
> 
>     Sign that you downloaded Linux from a bad source:
>     "My compiler keeps hanging on NSABackdoor.h !!!"
> 
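
The derivation described in the quoted report, beside a reset token that does not depend on session state, with a regression check that the secret is not contained in anything the requester's browser holds. This is an added Python example, not DCForum's code or the vendor's patch; all names, the 15-minute lifetime and the sample session ID are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60                      # assumed token lifetime, in seconds
SAMPLE_SESSION_ID = "a1b2c3d4e5f60718"   # constructed sample cookie value

def flawed_new_password(session_id):
    # Scheme as described in the report: first 6 characters of the SessionID.
    return session_id[:6]

def hardened_reset_token():
    # Drawn from the OS CSPRNG, independent of any session or cookie value.
    return secrets.token_urlsafe(24)

def leaks_from_client_state(secret, client_visible):
    # Regression check: is the secret a substring of any client-visible value?
    return any(secret in value for value in client_visible)

class ResetStore:
    """Stores only a hash of the token, with expiry and single use."""
    def __init__(self):
        self._pending = {}  # username -> (sha256 hex digest, expires_at)

    def issue(self, username, now=None):
        now = time.time() if now is None else now
        token = hardened_reset_token()
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[username] = (digest, now + TOKEN_TTL)
        return token  # delivered only in mail to the registered address

    def redeem(self, username, token, now=None):
        now = time.time() if now is None else now
        entry = self._pending.pop(username, None)  # any attempt consumes it
        if entry is None:
            return False
        digest, expires_at = entry
        offered = hashlib.sha256(token.encode()).hexdigest()
        return hmac.compare_digest(digest, offered) and now <= expires_at
```
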


