Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: web5054.htm

DCForum easily guessable users passwords
1st Feb 2002 [SBWID-5054]

	DCForum easily guessable users passwords


	DCForum version 6.22


	Shimi posted :

	When a user requests a new password for his account, a new  password  is
	generated  and  sent  to  the   requester   (anyone   that   knows   the
	username+email  information,  which  is  usually  available  in   \"user

	The problem is that the password is simply the  first  6  characters  of
	the user\'s SessionID, which is, of course, known to anybody  who  knows
	how to see a value in a cookie.

	Hence every user in the world can come  to  the  board,  request  a  new
	password for someone, and then  login  with  that  username  +  6  first
	characters of the SessionID from the cookie.

	 Update (06 February 2002)



	When registering a user and not allowing him to  choose  a  password,  a
	password is generated by the same algorithm as the algorithm  used  when
	creating new password for a user who lost it.

	Once again, the password is predictable, thus bypasses  all  limitations
	of using a valid mailbox for user registration  (user  can  use  a  fake
	E-Mail address, and still know his password)

	In Lib/


	   if ($r_in->{\'command\'} eq \'register\') {




	      if ($r_setup->{\'auth_register_via_email\'} eq \'on\') {

	         my $session = get_session_id();

	         $r_in->{\'password\'} = substr($session,3,6);




	See link below (patches both bugs) :


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH