Phorum Cookie User Credential Storage

2005-09-01T05:43:51
ID OSVDB:19157
Type osvdb
Reporter Scott Dewey (wr0ck.lists@gmail.com)
Modified 2005-09-01T05:43:51

Description

Vulnerability Description

Phorum contains a flaw that may allow a remote attacker to arbitrarily hijack user sessions. The problem is that the application stores user credentials in cookies. It is possible for a remote attacker to arbitrarily manipulate cookies and hijack user sessions, resulting in a loss of integrity.

Solution Description

Upgrade to version 5.0.18a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
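
For auditing similar code, the sketch below is an added example (not Phorum's code and not the 5.0.18a fix) that contrasts a credential-derived cookie with an opaque, server-side session token. The cookie format in `risky_cookie`, the function names and the in-memory store are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # seconds; assumed lifetime for this sketch
_sessions = {}      # sha256(token) -> (user_id, expires_at); stands in for a DB table


def risky_cookie(username, password):
    """Constructed stand-in for the flawed pattern: the cookie is derived from
    the credentials, so it never changes and whoever holds it is that user."""
    return f"{username}:{hashlib.md5(password.encode()).hexdigest()}"


def _key(token):
    # Keep only a hash server-side so a leaked session table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_session(user_id, now=None):
    """Call after the password check succeeded; returns the cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 random bits, unrelated to the password
    _sessions[_key(token)] = (user_id, now + SESSION_TTL)
    return token


def resolve_session(cookie_value, now=None):
    """Return the user id for a live session, else None (unknown, forged, expired)."""
    now = time.time() if now is None else now
    entry = _sessions.get(_key(cookie_value))
    if entry is None:
        return None
    user_id, expires_at = entry
    if now >= expires_at:
        _sessions.pop(_key(cookie_value), None)  # expired sessions are dropped
        return None
    return user_id


def revoke_session(cookie_value):
    """Logout or password change: the cookie stops working immediately."""
    _sessions.pop(_key(cookie_value), None)


def cookie_header(token):
    # HttpOnly and Secure keep the token away from scripts and plaintext HTTP.
    return f"Set-Cookie: sid={token}; Path=/; HttpOnly; Secure; SameSite=Lax"
```

The credential-derived value is identical on every login and cannot be revoked without changing the password, while the opaque token carries no credential material and is only valid while the server says so.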

References:

Vendor URL: http://www.phorum.org
Secunia Advisory ID: 16667
Related OSVDB ID: 19155
Related OSVDB ID: 19156
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0048.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0018.html