View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000110||website||website||public||2003-12-15 11:50||2004-09-07 02:05|
|Target Version||Fixed in Version|
|Summary||0000110: Security issues|
|Description||Re the recent mambo security issue -|
I was reviewing some of the code in temple , esp lib.php and was alarmed to see
password hash stored in cookie.
If someone were to overrun sql and retrieve password hash from db, would that
allow them to login as that user by storing username,password in cookie ???
If so (aarrgh) shouldnt it be a hash of the password hash with a secret key that
is stored in the cookie. ???
|Tags||No tags attached.|
|orc added in cc|
You are possiably right... This will definatly need reviewing! ORC has taken on
a lot of the php security audits, so I volunteer him! ;)
(also you probably don't want me doing it, as I am the one that wrote it like
herrold reviews -- yes -- a persistent session key pointing to an ACL vector
only on the remote host is the proper approach.
mambo issue is not temple, but rather main website -- I will move this component
and open a new temple user input detaint ticket
|Cleaning old tickets... Please reopen if I closed one that should still be open!|
|2003-12-15 11:email@example.com||CC||=> firstname.lastname@example.org|
|2004-04-19 14:39||herrold||cclist_accessible||1 => 0|
|2004-04-19 14:39||herrold||Product||temple => website|
|2004-09-07 02:email@example.com||Status||NEW => RESOLVED|
|2004-09-07 02:firstname.lastname@example.org||Resolution||=> FIXED|