Bug in Lost Password: mail_password function
Date: Sunday, January 04 @ 09:51:19 CET
Topic: Bug Fixes


This may be a hidden bug which most phpnuke site owners might not notice, but I have found this to be an annoying bug.


A user who does not remember their password can simply access the Lost Password function of the phpnuke website. When the user types in the username, the script looks up and verifies the account, then sends a new password to the email address set for that user account.

Well, here is the bug. You can input any invalid username, for example "jambajulalee", then hit the Send Password button, and the script will say that the password has been mailed off. Well, given that there is no user by that username, how can the password be mailed off?


Read more and get fix here





This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=1318