Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: etc :: neoboard.htm

NeoBoard 3.0 weak password hashes



Vulnerability

    Neoboard

Affected

    Neoboard 3.0

Description

    Jonathan  Leto  found  following.   He  was  browsing  the code of
    neoboard_register.php and found at line 210 this:

        if($this->style->USE_CRYPT) $userpassword = crypt($userpassword, '.v');

    All passwords are  generated with a  salt of ".v".   This isn't  a
    huge security  hole, but  if someone  gets to  the hashes  in your
    database, it will be a lot easier to crack them.

Solution

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH