Software Security/Group 4/Verdict/V7.4
    phpBB2/admin/admin_users.php:187: $password = md5($password);
    phpBB2/includes/usercp_sendpasswd.php:57: SET user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey'
    phpBB2/includes/usercp_register.php:263: if ( $row['user_password'] != md5($password_current) )
    phpBB2/includes/usercp_register.php:272: $password = md5($password);
    phpBB2/includes/usercp_register.php:309: if ( $row['user_password'] != md5($password_current) )
    phpBB2/includes/bbcode.php:236: $uid = md5(mt_rand());
    phpBB2/includes/sessions.php:151: $session_id = md5(uniqid($user_ip));
    phpBB2/profile.php:64: return ( $hash ) ? md5($rand_str) : $rand_str;
    phpBB2/login.php:73: if( md5($password) == $row['user_password'] && $row['user_active'] )
    phpBB2/install.php:845: $admin_pass_md5 = ( $confirm && $userdata['user_level'] == ADMIN ) ? $admin_pass1 : md5($admin_pass1);
    phpBB2/install.php:848: SET username = '" . str_replace("\'", "", $admin_name) . "', user_password='" . str_replace("\'", "",$admin_pass_md5) . "', user_lang = '" . str_replace("\'", "", $language) . "', user_email='" . str_replace("\'", "", $board_email) . "'
In phpBB2/admin/admin_users.php, lines 175-190:
    if( !empty($password) && !empty($password_confirm) )
    {
        //
        // Awww, the user wants to change their password, isn't that cute..
        //
        if($password != $password_confirm)
        {
            $error = TRUE;
            $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
        }
        else
        {
            $password = md5($password);

            $passwd_sql = "user_password = '$password', ";
        }
    }
In phpBB2/includes/usercp_sendpasswd.php, lines 56-58:
    $user_password = gen_rand_string(false);

    $sql = "UPDATE " . USERS_TABLE . "
        SET user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey'
        WHERE user_id = " . $row['user_id'];
In phpBB2/login.php, lines 73-77:
    if( md5($password) == $row['user_password'] && $row['user_active'] )
    {
        $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

        $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);
And several other instances.
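
For comparison with the login.php check above, an added example (not phpBB code and not part of the original verdict) of a password check that uses PHP's salted password_hash()/password_verify() and upgrades existing unsalted md5() rows at the next successful login. The function names check_password and is_legacy_md5 are hypothetical, and the sketch assumes PHP 7.1 or later.

```php
<?php
// Added example: hypothetical helpers, not part of phpBB.

// True when $stored looks like a bare md5() digest (32 lowercase hex digits),
// which is what the excerpts above write to user_password.
function is_legacy_md5(string $stored): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
}

// Check $password against the stored value.
// Returns [bool $ok, ?string $replacement]: $replacement is a new hash to
// store in user_password, or null when the stored value needs no update.
// Assumption: the column is wide enough for password_hash() output
// (the PHP manual recommends 255 characters).
function check_password(string $password, string $stored): array
{
    if (is_legacy_md5($stored)) {
        // hash_equals() is a constant-time string comparison, unlike ==.
        if (!hash_equals($stored, md5($password))) {
            return [false, null];
        }
        // Correct password on a legacy row: replace the unsalted digest
        // with a salted, deliberately slow hash.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when PHP's default algorithm or cost has changed since storage.
    $replacement = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $replacement];
}

// Constructed sample data: a legacy row as the code above would have stored it.
$legacy_row = md5('correct horse');

[$ok, $upgraded] = check_password('correct horse', $legacy_row);
var_dump($ok, is_legacy_md5($upgraded));    // login result, and whether the new value is still MD5

[$ok_again, $replacement] = check_password('correct horse', $upgraded);
var_dump($ok_again, $replacement);          // second login against the upgraded row

[$wrong] = check_password('wrong guess', $upgraded);
var_dump($wrong);                           // wrong password against the upgraded row
```

The same check would replace the md5() comparisons in usercp_register.php, and the md5() calls that write user_password or user_newpasswd would become password_hash() calls.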