FusionBB Invisible User Online Status Disclosure

2005-06-10T02:31:49
ID OSVDB:17430
Type osvdb
Reporter OSVDB
Modified 2005-06-10T02:31:49

Description

Vulnerability Description

FusionBB contains a flaw that may lead to unauthorized information disclosure. When a user is configured to be invisible, their online status may still be viewed in another user's buddy list or ignore list. This discloses the invisible user's status information, resulting in a loss of confidentiality.

Solution Description

Upgrade to version .12 Beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.fusionbb.com/

Vendor Specific News/Changelog Entry: http://www.interactivephp.com/misc/CHANGELOG.html