lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon Jun 20 15:00:03 2005
From: anthrax101 at gmail.com (Aaron Horst)
Subject: Security of phpBB

I've done some work on phpBB security
(http://seclists.org/lists/fulldisclosure/2005/Feb/0547.html,
http://www.phpbb.com/security/final_reports.php?p=2) and would not
personally commend them on their security record and responses. I've
gone through the code base and there are probably no remaining obvious
issues, but I am sure that there are many subtle errors remaining. The
code is just not designed with security in mind.

I would also like to point out that they are liable to hide security
issues that they consider non serious, and this has bitten them before
(See highlight exploit. They ignored it for a while because they
didn't think it could be exploited.)

AnthraX101

On 6/20/05, Tom Edwards <topbeachwear@...mail.de> wrote:
> Hi,
> 
> I am new to this list and to security in general so please excuse my
> question. A friend told me that our forum software phpBB is not very secure
> and told me about this. Where can I get information on that? What must I do
> to make it secure?
> 
> Thank you.
> 
> Kind regards,
> Tom Edwards, Manager
> 
> _________________________________________________________________
> MSN Hotmail. Anmelden und gewinnen! http://www.msn.de/email/webbased/ Ihre
> Chance, eines von 10 T-Mobile MDA II zu gewinnen!
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 


-- 
AnthraX101 -- PGP Key ID# 0x4CD6D0BD
Fingerprint:
8161 D008 3DAB 86C1 2CA3  AEDE 0E21 DBDE 4CD6 D0BD

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ