Snitz Forums 2000 - bug fix: Cookie Poisoning, Password Vulnerability

Snitz Forums 2000

Username:	Password:
Save Password
Forgot your Password?

All Forums

Help Groups for Snitz Forums 2000 Users

Help: General / Previous versions

bug fix: Cookie Poisoning, Password Vulnerability

New Topic

Topic Locked

Printer Friendly

Author

Topic

vdevil
Starting Member

20 Posts

Posted - 06 September 2006 : 09:59:15

Hi,

I've a 3.4.03 version. I've recently read 2 important bug fix... how I can fix the bug?

I can't upgrade to 3.4.05 version.

Thank you

quote:

BUG:
Account Compromise Via Cookie Poisoning
password.asp Password Reset Vulnerability

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 06 September 2006 : 10:23:07

Where did you read that?

Snitz 3.4 Readme | Like the support? Support Snitz too

vdevil
Starting Member

20 Posts

Posted - 06 September 2006 : 10:29:54

in a security bulletin
http://marc.theaimsgroup.com/?l=bugtraq&m=105578322012128&w=2

quote:

Account Compromise Via Cookie Poisoning
-------------------------------------------
In order to steal another users identity, all an attacker
needs to know is thier encrypted password. This is not
very hard to obtain using the XSS as described above, or
other methods. Once an attacker has this info, all they
have to do is login to thier normal account to get a valid
session id, close the browser, replace thier username and
encrypted pass with that of the victim, and return to the
site where they will be recognized as the victim.

password.asp Password Reset Vulnerability
-------------------------------------------
This is the most serious of the vulns, as it requries no
real effort and leaves the entire snitz forum open to attack.
All an attacker has to do is request a forgotten password, save
the password reset page offline,edit the member id to the desired
member id, and submit the form. The members password will then
be reset to that of the attackers choosing.

How I can fix?

snitz forum 3.4.03 is affected!!!

Edited by - vdevil on 06 September 2006 10:33:17

vdevil
Starting Member

20 Posts

Posted - 06 September 2006 : 10:31:04

the fix
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60371

can resolve this?

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 06 September 2006 : 10:43:44

this is a very old vunerability(> 3 years), so I'm not sure which topic actually relates to the fix

In fact I'm not sure that the fix was released seperately but rather was released as part of the 3.4.04 update

vdevil
Starting Member

20 Posts

Posted - 06 September 2006 : 10:59:36

May I see the bug fix list of 3.4.03 from anywhere?

AnonJr
Moderator

United States
5768 Posts

Posted - 06 September 2006 : 11:04:07

Its probably in DEV Bug Reports (Closed) or as an archived topic in either Bug Reports forum.

vdevil
Starting Member

20 Posts

Posted - 06 September 2006 : 11:10:13

nothing :-(

AnonJr
Moderator

United States
5768 Posts

Posted - 06 September 2006 : 11:26:07

Try the DEV Bug Reports (Closed) Archive.

AnonJr
Moderator

United States
5768 Posts

Posted - 06 September 2006 : 11:28:58

Might also be in the DEV Bug Reports (Open) Archive. Wouldn't think it would be, but you never know...

Davio
Development Team Member

Jamaica
12217 Posts

Posted - 06 September 2006 : 11:54:49

There are lots of security bug fixes since 3.4.03.
http://forum.snitz.com/forum/forum.asp?ARCHIVE=true&FORUM_ID=118

Not sure exactly which one applies to your specific problem.
Best thing would be to upgrade to the latest version.

If you don't want to upgrade, then apply all the security fixes since September 15, 2002. That's when 3.4.03 was released.

EDIT: This looks a fix for the password.asp file: http://forum.snitz.com/forum/topic.asp?ARCHIVE=true&TOPIC_ID=45275

But as I said, add all the fixes since September 15, 2002.

Support Snitz Forums

Edited by - Davio on 06 September 2006 11:56:35

Topic

New Topic

Topic Locked

Printer Friendly

Jump To:

Snitz Forums 2000

This page was generated in 0.13 seconds.