PEAK XOOPS - Re: auto-login hacked files for XOOPS 2.0.9.2 in englishin japanese

Top  >  Comments  >  Downloads comment (Previous topic|Next topic)

Re: auto-login hacked files for XOOPS 2.0.9.2

  • As this forum is only for commentation, you cannot open a new topic
  • Guests cannot post into this forum
Target Downloads
Subject auto-login hacked files for XOOPS 2.0.9.3
Summary == AUTO-LOGIN V2 (REMEMBER ME) hacked files for XOOPS 2.0.9.x ==Security fix: overwrite include/checklogin.php and include/common.php again.------------------------------------------------------------------Hacked core files to be able to login autom...
Older is upper Newer is upper

normal Re: auto-login hacked files for XOOPS 2.0.9.2

msg# 1
depth:
0
Previous post - Next post | Parent - Children.1 | Posted on 2005/2/19 6:31
dasdan  Private From: Belgium / Ghent  Posts: 4
This hack stores the password as an MD5 hash on the client, but this is vulnerable to dictionary attacks, and simple copying to another computer.
This hack is a potential security hole, don't enable it lightly.

I was thinking , client logs in, server creates a unique random ID and stores in DB, sends it back to the client and stores it in a cookie. Next page visit, server cheques unique ID, if match -> generates a New ID, else user needs to login again. (possible a hacked)
Votes:0 Average:0.00

normal Re: auto-login hacked files for XOOPS 2.0.9.2

msg# 1.1
depth:
1
Previous post - Next post | Parent - No child | Posted on 2005/2/19 16:27
GIJOE  Gunnery Sergeant   Posts: 4110
hi dasdan.

It sounds a good idea.
As long as the recent cookie is stolen, attacker cannot login successfully.

But some users who uses 2 and above browsers (eg. in Office&Home) can't login automatically anymore.

After my current work is over, I'll consider it.
Votes:0 Average:0.00
Older is upper Newer is upper

  Advanced search

Login
Username or e-mail:

Password:

Remember Me

Lost Password?

Register now!