[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

about recent phpMyAdmin "vulnerabilities"

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: about recent phpMyAdmin "vulnerabilities"
From: Marc Delisle <Marc.Delisle@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 24 Aug 2007 08:02:23 -0400

Hi,
On 2007-08-10, an advisory was published:

http://www.securityfocus.com/bid/25268

I don't consider these exploits to be a threat at all, because anattacker has to know in advance the victim's phpMyAdmin token, which isgenerated with

md5(uniqid(rand(), true))

Marc Delisle
phpMyAdmin project

Prev by Date: 24th Chaos Communication Congress 2007: Call for Participation
Next by Date: Re: VMWare poor guest isolation design
Previous by thread: 24th Chaos Communication Congress 2007: Call for Participation
Next by thread: [USN-502-1] KDE vulnerabilities
Index(es):
- Date
- Thread