NukeCops  

Re: PHP-Nuke Security GFX Mapping - Potential Risk (Score: 1)
by Zhen-Xjell on Friday, February 13 @ 10:53:46 CET
http://castlecops.com
The security risk, as stated a long time ago in these discussions and in the article, is that for a php-nuke fresh install, the default sitekey exists. You or anyone can download phpnuke and see what that value is. You can then sit there and run a generation against all possible random numbers. Each one will give you the same security code on the same day. Run that for 365 days for each possible random number, and you now have a database that can be used by a bot to run brute force attacks against a phpnuke that didn't change their sitekey.

This isn't about changing something in phpnuke that already has this implemented. It's about getting folks to change their sitekey value so that the stock database cannot be used.

And if your code is changing, that is due to your user agent changing if you are utilizing the same random_num.

I think at this point you are not in line with what this article is discussing and going on a complete tangent.


| Parent
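An added example, not part of the original comment or of PHP-Nuke: a small audit that flags a `config.php` still carrying the stock sitekey and rewrites it with a random one. It assumes the key is assigned as `$sitekey = "...";` in `config.php`; the stock value is a placeholder to fill in from your own release, the sample config is constructed, and the "weak" thresholds are arbitrary heuristics.

```python
import re
import secrets
import string

# Placeholder: paste the $sitekey string from the untouched config.php of the
# PHP-Nuke release you installed. The real stock value is not reproduced here.
STOCK_PLACEHOLDER = "<STOCK-SITEKEY-FROM-YOUR-RELEASE>"
STOCK_SITEKEYS = {STOCK_PLACEHOLDER}

# Assumed layout: $sitekey = "value";  or  $sitekey = 'value';  on its own line.
SITEKEY_RE = re.compile(r"""^([ \t]*)\$sitekey\s*=\s*(["'])(.*?)\2\s*;""", re.M)

# Constructed sample config, used only to exercise the functions below.
SAMPLE_CONFIG = ('<?php\n$dbname = "nuke";\n$prefix = "nuke";\n'
                 '$sitekey = "%s";\n?>\n' % STOCK_PLACEHOLDER)

def extract_sitekey(config_text):
    """Return the configured sitekey, or None if no assignment is found."""
    m = SITEKEY_RE.search(config_text)
    return m.group(3) if m else None

def audit_sitekey(config_text, stock=STOCK_SITEKEYS, min_len=20):
    """Classify the sitekey as 'missing', 'stock', 'weak' or 'ok'."""
    key = extract_sitekey(config_text)
    if key is None:
        return "missing"
    if key in stock:
        return "stock"   # security codes match any table built from the default
    if len(key) < min_len or len(set(key)) < 10:
        return "weak"    # heuristic only: short or highly repetitive
    return "ok"

def new_sitekey(length=40):
    """Random key from characters that need no escaping in a PHP string."""
    alphabet = string.ascii_letters + string.digits + "-_.+*"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def rotate_sitekey(config_text):
    """Return config text with the first $sitekey assignment replaced."""
    key = new_sitekey()
    return SITEKEY_RE.sub(
        lambda m: m.group(1) + '$sitekey = "' + key + '";', config_text, count=1)

if __name__ == "__main__":
    print("before:", audit_sitekey(SAMPLE_CONFIG))
    print("after: ", audit_sitekey(rotate_sitekey(SAMPLE_CONFIG)))
```
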
Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)