Author Topic: Security Issue - Your Password Can Be Stolen! (Read 3104 times)

c0nsumer · « **on:** March 01, 2002, 04:59:09 am »

As a heads up to everyone, you might want to use a unique password for this site, as opposed to one that you use all over the place. It appears that YaBB is vulnerable to a cross-site scripting vulnerability. This is the same type of vulnerability that lots of other software packages were found vulnerable to. However, most of these other packages got fixed. This issue has been known since early January, 2002. For more info go check here: http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828. The long and short of it is that someone could post a message to the board and everyone who views that message will have the cookie containing their login information stolen. Nice, eh?

-Steve

planetjay · « **Reply #1 on:** March 01, 2002, 11:12:51 am »

On the other hand a patch was released on 01/15/2002 that fixed the problem. That patch is installed.

DON'T PANIC!


Main	Restorations	Software	Audio/Jukebox/MP3	Everything Else	Buy/Sell/Trade
Project Announcements	Monitor/Video	GroovyMAME	Merit/JVL Touchscreen	Meet Up	Retail Vendors
Driving & Racing	Woodworking	Software Support Forums	Consoles	Project Arcade	Reviews
Automated Projects	Artwork	Frontend Support Forums	Pinball	Forum Discussion	Old Boards
Raspberry Pi & Dev Board	controls.dat	Linux	Miscellaneous Arcade	Wiki Discussion	Old Archives
Lightguns	Arcade1Up	Try the site in https mode		Site News


Unread posts \| New Replies \| Recent posts \| Rules \| Chatroom \| Wiki \| File Repository \| RSS \| Submit news

Author Topic: Security Issue - Your Password Can Be Stolen! (Read 3104 times)

c0nsumer

Security Issue - Your Password Can Be Stolen!

planetjay

Re: Security Issue - Your Password Can Be Stolen!