[24129] in bugtraq
And another (same) bug in DCForum at user registration process
daemon@ATHENA.MIT.EDU (shimi)
Tue Feb 5 17:48:37 2002
Date: Sat, 2 Feb 2002 18:32:43 +0200 (IST)
From: shimi <shimi@jct.ac.il>
To: <bugtraq@securityfocus.com>
Message-ID: <Pine.GSO.4.33_heb2.09.0202021827120.1897-100000@beitza.jct.ac.il>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
When registering a user and not allowing him to choose a password, a
password is generated by the same algorithm as the algorithm used when
creating a new password for a user who lost it.

Once again, the password is predictable, which bypasses all limitations of
using a valid mailbox for user registration (a user can use a fake e-mail
address and still know his password).

In Lib/user_register.pl:
<snip>
if ($r_in->{'command'} eq 'register') {
</snip>
<snip>
if ($r_setup->{'auth_register_via_email'} eq 'on') {
    my $session = get_session_id();
    $r_in->{'password'} = substr($session,3,6);
</snip>
Should be random. Use the same patch as with the other bug:
http://www.dcscripts.com/bugtrac/DCForumID7/3.html
Have fun.
Best regards,
Shimi
----
"Outlook is a massive flaming horrid blatant security violation, which
also happens to be a mail reader."
"Sure UNIX is user friendly; it's just picky about who its friends are."
Sign that you downloaded Linux from a bad source:
"My compiler keeps hanging on NSABackdoor.h !!!"
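
The fix the message asks for ("Should be random"), sketched as an added example; this is not DCForum code and not the vendor patch linked above. The helper name random_password, the alphabet, the 12-character length and the availability of /dev/urandom are assumptions, and $r_setup / $r_in are constructed stand-ins for the hashes in the snippet.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of DCForum): derive the e-mailed password
# from OS randomness instead of slicing it out of a session identifier.
my @ALPHABET = ('a'..'z', 'A'..'Z', '2'..'9');   # 60 symbols (assumed choice)

sub random_password {
    my ($length) = @_;
    $length ||= 12;

    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";

    # Rejection sampling: only accept bytes below the largest multiple of
    # the alphabet size, so every symbol is equally likely (no modulo bias).
    my $size  = scalar @ALPHABET;
    my $limit = 256 - (256 % $size);             # 240 for 60 symbols

    my $password = '';
    while (length($password) < $length) {
        my $got = read($fh, my $byte, 1);
        die "short read from /dev/urandom" unless defined $got && $got == 1;
        my $n = ord($byte);
        next if $n >= $limit;                    # discard biased values
        $password .= $ALPHABET[$n % $size];
    }
    close($fh);
    return $password;
}

# Constructed stand-ins for the $r_setup and $r_in hashes in the snippet.
my $r_setup = { auth_register_via_email => 'on' };
my $r_in    = { command => 'register' };

if ($r_in->{'command'} eq 'register'
    and $r_setup->{'auth_register_via_email'} eq 'on') {
    # Replaces: $r_in->{'password'} = substr($session,3,6);
    $r_in->{'password'} = random_password(12);
}

print "generated a password of length ", length($r_in->{'password'}), "\n";
```

With a password that cannot be derived from anything the registrant can observe, the value sent to the mailbox is again the only way to learn it, which is what the e-mail verification step relies on.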