
Toby could be at risk

Discussion in 'General Chat' started by eddieveeee, Oct 30, 2011.

  1. eddieveeee

    eddieveeee New Member

    Joined:
    Jun 2, 2011
    Messages:
    3,535
    Likes Received:
    2
    When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.

    This vulnerability affects /member.php/1004277-Toby.

    The impact of this vulnerability
    Possible sensitive information disclosure

    Password type input named vb_login_password from form with ID navbar_loginform with action login.php?do=login has autocomplete enabled.

    How to fix this vulnerability
    The password autocomplete should be disabled in sensitive applications.

    To disable autocomplete, you may use a code similar to:

    <INPUT TYPE="password" AUTOCOMPLETE="off">
     
    #1
  2. Fabulous Fabio

    Fabulous Fabio Well-Known Member

    Joined:
    Apr 11, 2010
    Messages:
    18,118
    Likes Received:
    12,573
    Nae bawhair Joe
     
    #2
  3. eddieveeee

    eddieveeee New Member

    Joined:
    Jun 2, 2011
    Messages:
    3,535
    Likes Received:
    2
    it seems you are at risk as well peter.
     
    #3
  4. - jordan -

    - jordan - Active Member

    Joined:
    Oct 6, 2011
    Messages:
    1,773
    Likes Received:
    18
    wtf is this tripe <doh>
     
    #4
  5. Fabulous Fabio

    Fabulous Fabio Well-Known Member

    Joined:
    Apr 11, 2010
    Messages:
    18,118
    Likes Received:
    12,573
    What's life if you don't take a few risks now and again
     
    #5
  6. eddieveeee

    eddieveeee New Member

    Joined:
    Jun 2, 2011
    Messages:
    3,535
    Likes Received:
    2
    User credentials are not encrypted when they are transmitted.
    This vulnerability affects /member.php/873-UserName1882 (GET).

    A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

    It seems that user credentials are sent to /login.php in clear text.

    Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.
     
    #6
  7. jenthesaint1990

    jenthesaint1990 Well-Known Member

    Joined:
    Jun 3, 2011
    Messages:
    7,507
    Likes Received:
    169
    i understand all of this <ok>
     
    #7
  8. Fabulous Fabio

    Fabulous Fabio Well-Known Member

    Joined:
    Apr 11, 2010
    Messages:
    18,118
    Likes Received:
    12,573
    Those pesky third parties
     
    #8
  9. - jordan -

    - jordan - Active Member

    Joined:
    Oct 6, 2011
    Messages:
    1,773
    Likes Received:
    18
    have a day off ed <doh>
     
    #9
  10. SUPERNORWICH 23

    SUPERNORWICH 23 SUPERNORWICH

    Joined:
    Jan 24, 2011
    Messages:
    15,683
    Likes Received:
    1,320
    Is that how my harmless picture of a bling pigeon on Erik's wall turned into someone frantically beating themselves off?
     
    #10

  11. Shameless

    Shameless Well hung member

    Joined:
    Jan 25, 2011
    Messages:
    9,100
    Likes Received:
    341
    eddieveee, you're one seriously boring knacker.



    Refer to part 1
     
    #11
  12. Tina_old

    Tina_old Princess

    Joined:
    Jan 24, 2010
    Messages:
    19,851
    Likes Received:
    114
  13. Toby

    Toby GC's Life Coach

    Joined:
    Jan 31, 2011
    Messages:
    36,197
    Likes Received:
    21,031
    <doh> So you think you're a hacker too eddieeee? Deluded little **** <doh>
     
    #13
  14. Hugh Briss

    Hugh Briss Well-Known Member

    Joined:
    Jan 27, 2011
    Messages:
    10,011
    Likes Received:
    834
    So much hatred.

    Where's the love Toby? :grin:
     
    #14
