FunkBoard 0.6 and lower local plaintext cookie vulnerability

Status: Beta

Brought to you by: j_metal

#2 FunkBoard 0.6 and lower local plaintext cookie vulnerability

Milestone: General_Bugs

Status: open

Owner: nobody

Labels: General Bugs (2)

Priority: 5

Updated: 2003-11-23

Created: 2003-11-23

Creator: Anonymous

Private: No

FunkBoard 0.6 and lower local plaintext cookie
vulnerability

1. Info
2. Problem/Code
3. End

1. Vendor: http://funkboard.sourceforge.net
Version: 0.6 and lower
Severity: Medium

2. FunkBoard stores cookies with plaintext username /
password locally.

Problem Code:

setcookie("fbusername", $name, mktime(0,0,0,0,0,2020),
$cookiepath);
setcookie("fbpassword", $pass, mktime(0,0,0,0,0,2020),
$cookiepath);

3. This isnt really a serious vulnerability, since its only
local, but still should be fixed.

-CT cyber_talon@hotmail.com 11-23-03