about recent phpMyAdmin "vulnerabilities"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: about recent phpMyAdmin "vulnerabilities"
From: Marc Delisle <Marc.Delisle@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 24 Aug 2007 08:02:23 -0400
User-agent: Thunderbird 1.5.0.10 (Windows/20070221)

Hi,
On 2007-08-10, an advisory was published:

http://www.securityfocus.com/bid/25268

I don't consider these exploits to be a threat at all, because anattacker has to know in advance the victim's phpMyAdmin token, which isgenerated with


md5(uniqid(rand(), true))

Marc Delisle
phpMyAdmin project

Prev by Date: 24th Chaos Communication Congress 2007: Call for Participation
Next by Date: Re: VMWare poor guest isolation design
Previous by thread: 24th Chaos Communication Congress 2007: Call for Participation
Next by thread: [USN-502-1] KDE vulnerabilities
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux