Geeklog.cgi user restrictions may be bypassed
11th Jan 2002 [SBWID-4992]
COMMAND

	Geeklog.cgi user restrictions may be bypassed

SYSTEMS AFFECTED

	Geeklog 1.3

PROBLEM

	Adrian Chung [http://www.enfusion-group.com/~adrian] wrote:
	

	--snip--
	

	When permanent cookies are enabled, as they are in a stock install,
	Geeklog stores a user's UID in a cookie upon successful login.
	Modification of the UID in the cookie allows any user to assume the
	identity.
	

	--snap--

SOLUTION

	Patch is available from [http://www.geeklog.org]
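
	The design flaw reported above, shown next to one server-side remedy. This is an added example, not part of the advisory and not the Geeklog patch. Python is used for illustration; the cookie layout, the key and all function names are assumptions.

```python
import hashlib
import hmac
import time

# Constructed key for this example; a real deployment loads a random secret
# from server-side configuration and never sends it to the client.
SECRET_KEY = b"constructed-example-key"


def uid_from_plain_cookie(cookie):
    """Flawed pattern from the advisory: the cookie value *is* the identity."""
    return int(cookie)


def _tag(payload, key):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(uid, expires, key=SECRET_KEY):
    """Return 'uid.expires.tag'; the tag is HMAC-SHA256 over 'uid.expires'."""
    payload = f"{uid}.{expires}"
    return f"{payload}.{_tag(payload, key)}"


def uid_from_signed_cookie(cookie, now=None, key=SECRET_KEY):
    """Return the UID if the cookie is authentic and unexpired, else None."""
    parts = cookie.split(".")
    if len(parts) != 3:
        return None
    uid_text, exp_text, tag = parts
    # Accept only canonical decimal fields so one identity has one encoding.
    for field in (uid_text, exp_text):
        if not (field.isascii() and field.isdigit() and str(int(field)) == field):
            return None
    expected = _tag(f"{uid_text}.{exp_text}", key)
    # Constant-time comparison; a client-edited UID or expiry fails here.
    if not hmac.compare_digest(expected.encode(), tag.encode("utf-8", "replace")):
        return None
    if int(exp_text) <= (time.time() if now is None else now):
        return None
    return int(uid_text)


if __name__ == "__main__":
    cookie = issue_cookie(1042, 2000)                 # constructed UID and expiry
    edited = "2." + cookie.split(".", 1)[1]           # UID field changed client-side
    print(uid_from_plain_cookie("2"))                 # plain cookie: edit accepted
    print(uid_from_signed_cookie(cookie, now=1000))   # untouched cookie verifies
    print(uid_from_signed_cookie(edited, now=1000))   # edited cookie rejected
```

	A random server-side session identifier mapped to the UID achieves the same goal and additionally allows a session to be revoked.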
