View Issue Details

ID: 0000110
Project: website
Category: website
View Status: public
Last Update: 2004-09-07 02:05
Reporter: lance@uklinux.net
Priority: low
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Other
OS: other
OS Version:
Product Version: unspecified
Target Version:
Fixed in Version:
Summary: 0000110: Security issues

Description:

Re the recent mambo security issue -

I was reviewing some of the code in temple, esp. lib.php, and was alarmed to see
password hash stored in cookie.

If someone were to overrun sql and retrieve password hash from db, would that
allow them to login as that user by storing username,password in cookie ???

If so (aarrgh) shouldn't it be a hash of the password hash with a secret key that
is stored in the cookie. ???
Tags: No tags attached.

Activities

lance@uklinux.net

2003-12-15 11:51

reporter   ~0000426

orc added in cc

greg@caosity.org

2004-02-13 08:56

reporter   ~0000427

You are possibly right... This will definitely need reviewing! ORC has taken on
a lot of the php security audits, so I volunteer him! ;)

(also you probably don't want me doing it, as I am the one that wrote it like
that!) lol

herrold

2004-02-15 17:04

reporter   ~0000428

herrold reviews -- yes -- a persistent session key pointing to an ACL vector
only on the remote host is the proper approach.
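
The approach described in the note above (a random session key in the cookie that points to a server-side record holding the ACL) can be sketched as follows. This is an added example, not code from temple's lib.php or from this project; the class, its method names and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a server-side sessions table (not temple's lib.php).
// Key: SHA-256 of the cookie token. Value: user, ACL, expiry.
// Nothing stored or sent is derived from the password or its hash.
final class SessionStore
{
    private array $rows = [];

    // Call only after the password has been verified by the login code.
    public function issue(string $user, array $acl, int $ttl, int $now): string
    {
        $token = bin2hex(random_bytes(32));   // 256-bit random cookie value
        $this->rows[hash('sha256', $token)] =
            ['user' => $user, 'acl' => $acl, 'expires' => $now + $ttl];
        return $token;                        // the only thing the client holds
    }

    // Map a cookie value to its server-side record, or null if unusable.
    public function resolve(string $cookie, int $now): ?array
    {
        if (!preg_match('/\A[0-9a-f]{64}\z/', $cookie)) {
            return null;                      // malformed input
        }
        $key = hash('sha256', $cookie);
        $row = $this->rows[$key] ?? null;
        if ($row !== null && $row['expires'] <= $now) {
            unset($this->rows[$key]);         // expired: drop the record
            return null;
        }
        return $row;
    }

    // Logout or password change: the cookie stops working at once.
    public function revoke(string $cookie): void
    {
        unset($this->rows[hash('sha256', $cookie)]);
    }

    public function storedKeys(): array { return array_keys($this->rows); }
}

// Constructed demonstration values.
$store  = new SessionStore();
$cookie = $store->issue('alice', ['wiki:edit'], 3600, 1000000);
var_dump($store->resolve($cookie, 1000010) !== null);         // live session
var_dump($store->resolve($store->storedKeys()[0], 1000010));  // table value replayed as a cookie
$store->revoke($cookie);
var_dump($store->resolve($cookie, 1000010));                  // same cookie after revoke
```

Because the table holds only the SHA-256 of each token, a row read out of the database cannot be replayed as a cookie, which is the failure mode the report raises for the stored password hash.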
herrold

2004-04-19 14:39

reporter   ~0000429

mambo issue is not temple, but rather main website -- I will move this component
and open a new temple user input detaint ticket

greg@caosity.org

2004-09-07 02:05

reporter   ~0000430

Cleaning old tickets... Please reopen if I closed one that should still be open!

Issue History

Date Modified     Username           Field              Change
2003-12-15 11:51  lance@uklinux.net  CC                 => herrold@owlriver.com
2004-04-19 14:39  herrold            cclist_accessible  1 => 0
2004-04-19 14:39  herrold            Product            temple => website
2004-09-07 02:05  greg@caosity.org   Status             NEW => RESOLVED
2004-09-07 02:05  greg@caosity.org   Resolution         => FIXED