Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [month] [year] [list] 
Date: Fri, 6 Feb 2009 14:09:33 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Cc: Steven Christey <coley@...us.mitre.org>
Subject: CVE request: phpbb < 3.0.4

From release notes:

"This release fixes some bugs introduced with the changes in 3.0.3, corrects 
minor issues, fixes two security bugs and also increases performance 
significantly."

"# [Sec] Fixed an issue where deactivated accounts could be re-activated 
without the required privileges. (Reported by Jorick)
# [Sec] Ask for forum password if post within passworded forum quoted in 
private message. (Reported by nickvergessen)"

-- 
Hanno Böck		Blog:		http://www.hboeck.de/
GPG: 3DBD3B20		Jabber/Mail:	hanno@...eck.de

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ