SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   phpwsBB Vendors:   phpwsbb.sourceforge.net
phpwsBB Search Feature Discloses Message Labels to Remote Users
SecurityTracker Alert ID:  1009948
SecurityTracker URL:  http://securitytracker.com/id/1009948
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 26 2004
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.9.2
Description:   A vulnerability was reported in phpwsBB. A remote user can view message labels.

The vendor reported that a remote user can invoke the Search feature to view message labels even if anonymous viewing is disabled. Only message labels can be viewed, the report said.

The vendor credits Stephen Adler with reporting this flaw.

Impact:   A remote user can view message labels.
Solution:   The vendor has released a fixed version (0.9.2), available at:

http://phpwsbb.sourceforge.net/#downloads

Vendor URL:  sourceforge.net/forum/forum.php?forum_id=370206 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  http://sourceforge.net/forum/forum.php?forum_id=370206


http://phpwsbb.sourceforge.net/

http://sourceforge.net/forum/forum.php?forum_id=370206

 > Posted By: rizzo
 > Date: 2004-04-21 10:47
 > Summary: phpwsBB 0.9.2 Released

 > This release fixes a pseudo-security hole that would allow an anonymous user to use the
 > Search system to view message labels (and _only_ the labels) even if anonymous viewing
 > was turned off. Thanks to Stephen Adler for reporting it. I recommend upgrading ASAP if
 > you are hard-core and not allowing anonymous viewing.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC