Re: auto-login hacked files for XOOPS 2.0.9.2
Target |
Downloads |
Subject |
auto-login hacked files for XOOPS 2.0.9.3 |
Summary |
== AUTO-LOGIN V2 (REMEMBER ME) hacked files for XOOPS 2.0.9.x ==Security fix: overwrite include/checklogin.php and include/common.php again.------------------------------------------------------------------Hacked core files to be able to login autom... |
List posts in the topic
Re: auto-login hacked files for XOOPS 2.0.9.2
msg# 1
dasdan
From: Belgium / Ghent
Posts: 4
This hack stores the password as an MD5 hash on the client, but this is vulnerable to dictionary attacks, and simple copying to another computer.
This hack is a potential security hole, don't enable it lightly.
I was thinking , client logs in, server creates a unique random ID and stores in DB, sends it back to the client and stores it in a cookie. Next page visit, server cheques unique ID, if match -> generates a New ID, else user needs to login again. (possible a hacked)
Votes:0
Average:0.00
Posts tree