PEAK XOOPS - Re: auto-login hacked files for XOOPS 2.0.9.2 
TOP
>
Forum
>
Comments
>
Downloads comment
>
Re: auto-login hacked files for XOOPS 2.0.9.2
>
Re: auto-login hacked files for XOOPS 2.0.9.2
Re: auto-login hacked files for XOOPS 2.0.9.2
| Target | Downloads |
| Subject | auto-login hacked files for XOOPS 2.0.9.3 |
| Summary | == AUTO-LOGIN V2 (REMEMBER ME) hacked files for XOOPS 2.0.9.x ==Security fix: overwrite include/checklogin.php and include/common.php again.------------------------------------------------------------------Hacked core files to be able to login autom... |
Re: auto-login hacked files for XOOPS 2.0.9.2
msg# 1
- depth:
- 0
Previous post
-
Next post
|
Parent
-
Children.1
|
Posted on 2005/2/19 6:31
dasdan
From: Belgium / Ghent
Posts: 4
From: Belgium / Ghent
Posts: 4
This hack stores the password as an MD5 hash on the client, but this is vulnerable to dictionary attacks, and simple copying to another computer.
This hack is a potential security hole, don't enable it lightly.
I was thinking , client logs in, server creates a unique random ID and stores in DB, sends it back to the client and stores it in a cookie. Next page visit, server cheques unique ID, if match -> generates a New ID, else user needs to login again. (possible a hacked)
This hack is a potential security hole, don't enable it lightly.
I was thinking , client logs in, server creates a unique random ID and stores in DB, sends it back to the client and stores it in a cookie. Next page visit, server cheques unique ID, if match -> generates a New ID, else user needs to login again. (possible a hacked)
Votes:0
Average:0.00
Posts tree
-
Re: auto-login hacked files for XOOPS 2.0.9.2
(dasdan, 2005/2/19 6:31)
-
Re: auto-login hacked files for XOOPS 2.0.9.2
(GIJOE, 2005/2/19 16:27)
-
Login