Invision Power Board 'Allow auto login' setting override

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Invision Power Board 'Allow auto login' setting override
From: Hillel Himovich <hll@xxxxxxxxxxxxxxxx>
Date: 30 Nov 2004 20:38:55 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


This next Vulnerability was discovered by Keyboard_Criminal <matan.marciano at 
gmail.com>

IPB Has a setting that enables admins to disable members from auto-login to the 
forums
This can be easily bypassed using this next method:

1. Use the password reset form and enter there requested nickname.
2. When you get the email, follow the instructions.

After filling the form with the user id, the security code and the new password
you will auto login to the forms, and any attempt to come back to the forums 
will also result in an auto-login because user id and pass hash are saved in 
the cookies.

This method culd be used to save a uid\pass containing cookie that will allow 
auto login, thus enabling malicious users who have an admin password hash to 
'Cookie Edit' the details in the cookie and auto-login under the admin account.

HLL and Keyboard_Criminal

Prev by Date: SUSE Security Announcement: various kernel problems (SUSE-SA:2004:042)
Next by Date: Re: Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln
Previous by thread: SUSE Security Announcement: various kernel problems (SUSE-SA:2004:042)
Next by thread: Re: Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln
Index(es):
- Date
- Thread