Info

Disclosure

Feb 27, 2005

Discovery

Jan 01, 2001

Dates

Exploit

Feb 28, 2005

Solution

Unknown

Description

phpBB contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to an error in the comparison of "sessiondata['autologinid']" and "auto_login_key". Further, phpBB does not reset the $userdata['user_level'] variable after a failed autologin. It is possible for a remote attacker to set a specially crafted cookie to change the user_id to that of an administrator resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 2.0.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

phpBB Group	phpBB	2.0.12
		2.0.11
		2.0.10
		2.0.9
		2.0.8
		2.0.7
		2.0.6
		2.0.5
		2.0.4
		2.0.3
		2.0.2
		2.0.1
		2.0.0

References

Security Tracker: 1013375
Related OSVDB ID: 14243
Secunia Advisory ID: 14413 14493
CVE ID: 2005-0614 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0121.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0139.html
http://archives.neohapsis.com/archives/bugtraq/2005-03/0246.html
http://marc.theaimsgroup.com/?l=bugtraq&m=110970201920206&w=2
Vendor URL: http://www.phpbb.com/
Other Advisory URL: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563

Credit

Paisterist -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

phpBB Group

phpBB

References

Credit