TOPo v.2.2.178 Account Reset

2006.07.26
Risk: Low
Local: No
Remote: Yes
CWE: N/A

TOPo v.2.2.178 Account Reset Author: Attila Gerendi (Darkz) Date: July 12, 2006 Package: TOPo (http://ej3soft.ej3.net/) Versions Affected: 2.2.178 (Other versions may also be affected.) Severity: Password Reset Description: It is possible to overide an existing entry posting a new entry with a previous entry ID. The ID can be extracted from the main window links ex: http://[host]/[path]/index.php?m=top&s=out&ID=1152699749.6695 The new entry will overide the original entry, also this will overide the original password. Another problem is the ID formath xxxxxx.yyyy where yyyy is the original (initial) password. Solution: TOPo development seen to be suspended by now. No new release from January 5 2005.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top