Software Security/Group 4/Verdict/V7.4

Uit Werkplaats
Ga naar: navigatie, zoeken
phpBB2/admin/admin_users.php:187:                $password = md5($password);
phpBB2/includes/usercp_sendpasswd.php:57:                SET user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey'
phpBB2/includes/usercp_register.php:263:                if ( $row['user_password'] != md5($password_current) )
phpBB2/includes/usercp_register.php:272:                $password = md5($password);
phpBB2/includes/usercp_register.php:309:            if ( $row['user_password'] != md5($password_current) )
phpBB2/includes/bbcode.php:236:    $uid = md5(mt_rand());
phpBB2/includes/sessions.php:151:        $session_id = md5(uniqid($user_ip));
phpBB2/profile.php:64:    return ( $hash ) ? md5($rand_str) : $rand_str;
phpBB2/login.php:73:                if( md5($password) == $row['user_password'] && $row['user_active'] )
phpBB2/install.php:845:            $admin_pass_md5 = ( $confirm && $userdata['user_level'] == ADMIN ) ? $admin_pass1 : md5($admin_pass1);
phpBB2/install.php:848:                SET username = '" . str_replace("\'", "", $admin_name) . "', user_password='" . str_replace("\'", "",$admin_pass_md5) . "', user_lang = '" . str_replace("\'", "", $language) . "', user_email='" . str_replace("\'", "", $board_email) . "'


In phpBB2/admin/admin_users.php, line 175-190:

if( !empty($password) && !empty($password_confirm) )
{
    //
    // Awww, the user wants to change their password, isn't that cute..
    //
    if($password != $password_confirm)
    {
        $error = TRUE;
        $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Password_mismatch'];
    }
    else
    {
        $password = md5($password);
        $passwd_sql = "user_password = '$password', ";
    }
}


In phpBB2/includes/usercp_sendpasswd.php, line 56-58:

$user_password = gen_rand_string(false);

$sql = "UPDATE " . USERS_TABLE . "
    SET user_newpasswd = '" .md5($user_password) . "', user_actkey = '$user_actkey'
    WHERE user_id = " . $row['user_id'];


In phpBB2/login.php, line 73-77:

if( md5($password) == $row['user_password'] && $row['user_active'] )
{
    $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

    $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

And several other instances.