View Issue Details

IDProjectCategoryView StatusLast Update
0000110websitewebsitepublic2004-09-07 02:05 Assigned To 
Status resolvedResolutionfixed 
Product Versionunspecified 
Summary0000110: Security issues
DescriptionRe the recent mambo security issue -

I was reviewing some of the code in temple , esp lib.php and was alarmed to see
password hash stored in cookie.

If someone were to overrun sql and retrieve password hash from db, would that
allow them to login as that user by storing username,password in cookie ???

If so (aarrgh) shouldnt it be a hash of the password hash with a secret key that
is stored in the cookie. ???
TagsNo tags attached.


2003-12-15 11:51

reporter   ~0000426

Last edited: 1970-01-01 00:00

orc added in cc

2004-02-13 08:56

reporter   ~0000427

Last edited: 1970-01-01 00:00

You are possiably right... This will definatly need reviewing! ORC has taken on
a lot of the php security audits, so I volunteer him! ;)

(also you probably don't want me doing it, as I am the one that wrote it like
that!) lol


2004-02-15 17:04

reporter   ~0000428

Last edited: 1970-01-01 00:00

herrold reviews -- yes -- a persistent session key pointing to an ACL vector
only on the remote host is the proper approach.


2004-04-19 14:39

reporter   ~0000429

Last edited: 1970-01-01 00:00

mambo issue is not temple, but rather main website -- I will move this component
and open a new temple user input detaint ticket

2004-09-07 02:05

reporter   ~0000430

Last edited: 1970-01-01 00:00

Cleaning old tickets... Please reopen if I closed one that should still be open!

Issue History

Date Modified Username Field Change
2003-12-15 11:51 CC =>
2004-04-19 14:39 herrold cclist_accessible 1 => 0
2004-04-19 14:39 herrold Product temple => website
2004-09-07 02:05 Status NEW => RESOLVED
2004-09-07 02:05 Resolution => FIXED