Full Disclosure mailing list archives

Re: Authentication flaw in Web Wiz forum
From: "Alexander" <pk95 () yandex ru>
Date: Wed, 3 Mar 2004 00:40:29 +0300

Hi all again!

This bug works only when the password is changed using "Forgotten your password?"

The user code is changed when changing the password using "user profile".

Sorry for my mistake.

----- Original Message ----- 
From: "Alexander" <pk95 () yandex ru>
To: <full-disclosure () lists netsys com>
Cc: "Bruce Corkhill" <bruce () webwizguide info>
Sent: Wednesday, March 03, 2004 12:20 AM
Subject: Authentication flaw in Web Wiz forum

Product:  Web Wiz forum 7.0-7.7a www.webwizforum.com

Risk:          Medium

Date:         02 March, 2004

Author:       Pig Killer and Michael ( www.SecurityLab.ru)

When a user logs on to the forum, the forum identifies his cookies using a
value from the tblAutor table in the underlying database, which doesn't change
when the password is changed. As a result, when a user changes his password, he
can register in the forum using the old cookies. As a result, if a user's cookies
were compromised (for example by XSS), then even changing the password will not
protect his account from unauthorized use.

The forum also allows a logged-in user to change the password without
the old one. Thus, having the cookie, you can change the password without
knowing the old one.
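
The behaviour reported in this thread next to a hardened counterpart, as an added example that is not part of the original posts and is not Web Wiz Forums code. The `Forum` class, its method names and the `user_code` field are assumptions standing in for the cookie value the report says is read from the database.

```python
import hashlib, hmac, os, secrets

class Forum:
    """Toy account store; user_code models the value kept in the login cookie."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.users = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _set_password(self, name, password):
        salt = os.urandom(16)
        self.users[name].update(salt=salt, pw=self._hash(password, salt))

    def _new_code(self, name):
        # Issuing a fresh code invalidates every cookie issued before it.
        self.users[name]["user_code"] = secrets.token_hex(16)
        return self.users[name]["user_code"]

    def register(self, name, password):
        self.users[name] = {}
        self._set_password(name, password)
        return self._new_code(name)

    def cookie_valid(self, name, cookie):
        return hmac.compare_digest(self.users[name]["user_code"], cookie)

    def check_password(self, name, password):
        u = self.users[name]
        return hmac.compare_digest(u["pw"], self._hash(password, u["salt"]))

    def change_via_profile(self, name, cookie, new, old=None):
        if not self.cookie_valid(name, cookie):
            raise PermissionError("invalid cookie")
        # Hardened: a valid cookie alone is not enough to set a new password.
        if self.hardened and (old is None or not self.check_password(name, old)):
            raise PermissionError("old password required")
        self._set_password(name, new)
        return self._new_code(name)  # the profile path rotates the code

    def reset_forgotten(self, name, new):
        # Called after the e-mail reset step succeeded (not modelled here).
        self._set_password(name, new)
        if self.hardened:
            return self._new_code(name)
        return self.users[name]["user_code"]  # reported flaw: code is kept
```
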
