Re: auto-login hacked files for XOOPS 2.0.9.2
List posts in the topic
Re: auto-login hacked files for XOOPS 2.0.9.2
msg# 1
dasdan
From: Belgium / Ghent
Posts: 4
This hack stores the password as an MD5 hash on the client, but this is vulnerable to dictionary attacks, and simple copying to another computer.
This hack is a potential security hole, don't enable it lightly.
I was thinking , client logs in, server creates a unique random ID and stores in DB, sends it back to the client and stores it in a cookie. Next page visit, server cheques unique ID, if match -> generates a New ID, else user needs to login again. (possible a hacked)
Votes:0
Average:0.00
Posts tree