Invision Power Board Plaintext Password Disclosure Vuln

2007.10.23

Credit: JeiAr

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2003-1454

CWE: N/A

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

Invision Power Board Plaintext Password Disclosure Vuln

-------------------------------------------------------

Version: All?

Problem: Invision Power Board gives an admin the option

to create a pass protected forum. The problem with this

is that the password is then stored in the cookie fully

readable as it is shown in plaintext.

Credits: All credit goes to JeiAr of GulfTech Computers

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Invision Power Board Plaintext Password Disclosure Vuln

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.