Home page logo
/

bugtraq logo Bugtraq mailing list archives

And another (same) bug in DCForum at user registration process (dcscripts.com)
From: shimi <shimi () jct ac il>
Date: Sat, 2 Feb 2002 18:32:43 +0200 (IST)


When registering a user and not allowing him to choose a password, a
password is generated by the same algorithm as the algorithm used when
creating new password for a user who lost it.

Once again, the password is predictable, thus bypasses all limitations of
using a valid mailbox for user registration (user can use a fake E-Mail
address, and still know his password)

In Lib/user_register.pl:

<snip>
   if ($r_in->{'command'} eq 'register') {

</snip>
<snip>
      if ($r_setup->{'auth_register_via_email'} eq 'on') {
         my $session = get_session_id();
         $r_in->{'password'} = substr($session,3,6);
</snip>

Should be random. Use the same patch as with the other bug:

http://www.dcscripts.com/bugtrac/DCForumID7/3.html

Have fun.

  Best regards,
     Shimi


----

   "Outlook is a massive flaming horrid blatant security violation, which
    also happens to be a mail reader."

   "Sure UNIX is user friendly; it's just picky about who its friends are."

    Sign that you downloaded Linux from a bad source:
    "My compiler keeps hanging on NSABackdoor.h !!!"


  By Date           By Thread  

Current thread:
  • And another (same) bug in DCForum at user registration process (dcscripts.com) shimi (Feb 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault