Register to post in forums, or Log in to your existing account
 

Post new topic  Reply to topic     Home » Forums » Website or Forum problems
Vijilante
SubAdmin


Joined: 18 Nov 2001
Posts: 5182
PostPosted: Sun Jul 20, 2003 7:57 am   

Forum security bug
 
Finally got around to visitting the Snitz forums after reading about a password security bug on another site. The version is the one we currently use, but the fix shown at Snitz was dated prior to Zugg's mention of the new forums being in. Just wanted to ask.

Exploit
quote:

This is the most serious of the vulns, as it requries no
real effort and leaves the entire snitz forum open to attack.
All an attacker has to do is request a forgotten password, save
the password reset page offline,edit the member id to the desired
member id, and submit the form. The members password will then
be reset to that of the attackers choosing.


Snitz fix link: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=45275
Reply with quote
Darker
GURU


Joined: 24 Sep 2000
Posts: 1237
Location: USA
PostPosted: Sun Jul 27, 2003 6:24 pm   
 
Fixed. Thanks for letting me know
Reply with quote
Display posts from previous:   
Post new topic   Reply to topic     Home » Forums » Website or Forum problems All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
© 2009 Zugg Software. Hosted on Wolfpaw.net