[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Authentication flaw in Web Wiz forum

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Authentication flaw in Web Wiz forum
From: "Alexander" <pk95@xxxxxxxxx>
Date: Wed, 3 Mar 2004 00:20:30 +0300

Product:  Web Wiz forum 7.0-7.7a www.webwizforum.com

Risk:          Medium

Date:         02 March, 2004

Autor:        Pig Killer and Michael ( www.SecurityLab.ru)



When user log on forum, for his cookies identification forum using User_code
value from tblAutor table from underlying database, which doesn't change
with changing of password. As a result, when user change password, he can
register in the forum using old cookies. As a result, if users cookies was
compromised (for example by XSS), then even password changing will doesn't
protect his account from unauthorized using.



The forum also allows logged in user to change the password without entering
the old one. Thus, having cookie, you can change the password without
knowing the old one.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] Re: Authentication flaw in Web Wiz forum
  - From: Bruce Corkhill

References:
- [Full-Disclosure] The Cult of a Cardinal Number
  - From: Phantasmal Phantasmagoria

Prev by Date: Re: [Full-Disclosure] Smashing "XBoard 4.2.7(All versions)" For Fun & Profit.*Unpublish ed Local Stack Overflow Vulnerablity!
Next by Date: [Full-Disclosure] Re: Authentication flaw in Web Wiz forum
Previous by thread: [Full-Disclosure] The Cult of a Cardinal Number
Next by thread: [Full-Disclosure] Re: Authentication flaw in Web Wiz forum
Index(es):
- Date
- Thread