Geek Culture / Apollo forum major security issue!

Author
Message
Nikkoz
21
Years of Service
User Offline
Joined: 31st Aug 2002
Location: Sweden
Posted: 14th Sep 2002 14:15
When a login fails, the script redirects to the login page and sends back the username AND the password to the page.
This means that the username and password are cached on the computer and can easily be checked. If the login has failed the password isn't correct, but you can still see it, even if you need to change a letter or two.

I suggest that the script only sends back the username!
-Nikkoz
Ian T
21
Years of Service
User Offline
Joined: 12th Sep 2002
Location: Around
Posted: 15th Sep 2002 02:01
Ouch! Yeah I hope this gets fixed!

--Mouse
Richard Davey
Retired Moderator
21
Years of Service
User Offline
Joined: 30th Apr 2002
Location: On the Jupiter Probe
Posted: 15th Sep 2002 11:42
Hmm, I'm not sure I'd say that's a major issue - the password will be wrong after all! But okay, I see your point and I've fixed it so it doesn't do that now.

Cheers,

Rich

"Gentlemen, we are about to short-circuit the Universe!"
DB Team / Atari ST / DarkForge / Retro Gaming
Ian T
21
Years of Service
User Offline
Joined: 12th Sep 2002
Location: Around
Posted: 15th Sep 2002 17:47
Good to feel safe even if it wasn't an issue in the first place (and who in their right mind would want to strut around as ME?)

--Mouse
Nikkoz
21
Years of Service
User Offline
Joined: 31st Aug 2002
Location: Sweden
Posted: 15th Sep 2002 22:10
If the password is stored on the hard drive unencrypted, even if one char is wrong, I call that major!
Nikkoz
21
Years of Service
User Offline
Joined: 31st Aug 2002
Location: Sweden
Posted: 15th Sep 2002 22:14
But it's only a forum. There are of course more serious issues, like bank accounts etc. Let's call this a forum major
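
Added example, not part of the thread and not the forum's own code: the failed-login redirect as Nikkoz reports it next to the one he suggests, plus a check that finds password-bearing URLs in an access log and masks them. It assumes the fields travel in the query string; the `/login` path, the parameter names and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qsl

# Assumed names for the password field; the thread does not give the real one.
SENSITIVE = {"password", "pass", "passwd", "pwd"}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def redirect_as_reported(username, password):
    """Failed-login redirect as described in the thread: both fields are sent back."""
    return "/login?" + urlencode({"failed": 1, "username": username, "password": password})

def redirect_as_suggested(username):
    """Failed-login redirect with only the username echoed back."""
    return "/login?" + urlencode({"failed": 1, "username": username})

def credential_params(url):
    """Names of query parameters in `url` that look like a password field."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return sorted({name for name, _ in pairs if name.lower() in SENSITIVE})

def redact(url):
    """Same URL with the value of every password-like parameter masked."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    masked = [(n, "REDACTED" if n.lower() in SENSITIVE else v) for n, v in pairs]
    return parts._replace(query=urlencode(masked)).geturl()

def audit(log_lines):
    """(line number, redacted URL) for each logged request that carries a password."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if match and credential_params(match.group(1)):
            hits.append((number, redact(match.group(1))))
    return hits

# Constructed sample: access-log lines in common log format (not from the forum).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Sep/2002:14:15:02 +0000] "POST /login HTTP/1.0" 302 0',
    '192.0.2.10 - - [14/Sep/2002:14:15:02 +0000] "GET '
    + redirect_as_reported("nikkoz", "hunter3") + ' HTTP/1.0" 200 512',
    '192.0.2.10 - - [14/Sep/2002:14:20:41 +0000] "GET '
    + redirect_as_suggested("nikkoz") + ' HTTP/1.0" 200 498',
]

if __name__ == "__main__":
    for number, url in audit(SAMPLE_LOG):
        print(f"line {number}: password in URL -> {url}")
```

A URL that carries the password ends up in browser history, caches and server logs, which is why the near-miss password in the report is still worth keeping out of the redirect.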
