Let me add that this doesn't affect older versions of DCForum (DCF99, 98, 97) as those features do not include retrieving password feature. Thanks. David S. Choi DCScripts.com --- shimi <shimi@jct.ac.il> wrote: > > When a user requests a new password for his account, > a new password is > generated and sent to the requester (anyone that > knows the username+email > information, which is usually available in "user > profile"). > > The problem is that the password is simply the first > 6 characters of the > user's SessionID, which is, of course, known to > anybody who knows how to > see a value in a cookie. > > Hence every user in the world can come to the board, > request a new > password for someone, and then login with that > username + 6 first > characters of the SessionID from the cookie. > > The author has been notified (by me), and even > released a patch, but, as > it appears, didn't bother saying that here, where > most of the world will > be reading it, so I decided to do it myself. > > Here's my post: > http://www.dcscripts.com/cgi-bin/dcforum/dcboard.cgi?az=read_count&om=1198&forum=dcfBug > > And here's the patch: > http://www.dcscripts.com/bugtrac/DCForumID7/3.html > > Best regards, > Shimi > > > ---- > > "Outlook is a massive flaming horrid blatant > security violation, which > also happens to be a mail reader." > > "Sure UNIX is user friendly; it's just picky > about who its friends are." > > Sign that you downloaded Linux from a bad > source: > "My compiler keeps hanging on NSABackdoor.h !!!" > __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com
