[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <007301c4009e$fc07f830$1559d53e@pigkiller>
From: pk95 at yandex.ru (Alexander)
Subject: Re: Authentication flaw in Web Wiz forum
Hi all again!
This bug works only when password changes using "Forgotten your password?"
future.
The user code is changed when changing the password using "user profile".
Sorry for my mistake.
----- Original Message -----
From: "Alexander" <pk95@...dex.ru>
To: <full-disclosure@...ts.netsys.com>
Cc: "Bruce Corkhill" <bruce@...wizguide.info>
Sent: Wednesday, March 03, 2004 12:20 AM
Subject: Authentication flaw in Web Wiz forum
> Product: Web Wiz forum 7.0-7.7a www.webwizforum.com
>
> Risk: Medium
>
> Date: 02 March, 2004
>
> Autor: Pig Killer and Michael ( www.SecurityLab.ru)
>
>
>
> When user log on forum, for his cookies identification forum using
User_code
> value from tblAutor table from underlying database, which doesn't change
> with changing of password. As a result, when user change password, he can
> register in the forum using old cookies. As a result, if users cookies was
> compromised (for example by XSS), then even password changing will doesn't
> protect his account from unauthorized using.
>
>
>
> The forum also allows logged in user to change the password without
entering
> the old one. Thus, having cookie, you can change the password without
> knowing the old one.
>
Powered by blists - more mailing lists