Signature Detail
Short Name |
HTTP:PHP:PHPBB:AUTH-BYPASS |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
phpBB Authentication Bypass |
Release Date |
2006/04/20 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: phpBB Authentication Bypass
This signature detects a malicious request to a Web server running the phpBB software. By sending phpBB a request containing a maliciously crafted HTTP cookie, a client can bypass phpBB's authentication restrictions.
Extended Description
phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any known account including the administrator account. The vendor has addressed this issue in phpBB 2.0.13.
Affected Products
- Gentoo Linux
- phpBB Group phpBB 2.0.0 .0
- phpBB Group phpBB 2.0.0 Beta 1
- phpBB Group phpBB 2.0.0 RC1
- phpBB Group phpBB 2.0.0 RC2
- phpBB Group phpBB 2.0.0 RC3
- phpBB Group phpBB 2.0.0 RC4
- phpBB Group phpBB 2.0.1
- phpBB Group phpBB 2.0.10
- phpBB Group phpBB 2.0.11
- phpBB Group phpBB 2.0.12
- phpBB Group phpBB 2.0.2
- phpBB Group phpBB 2.0.3
- phpBB Group phpBB 2.0.4
- phpBB Group phpBB 2.0.5
- phpBB Group phpBB 2.0.6
- phpBB Group phpBB 2.0.6 c
- phpBB Group phpBB 2.0.6 d
- phpBB Group phpBB 2.0.7
- phpBB Group phpBB 2.0.7 a
- phpBB Group phpBB 2.0.8
- phpBB Group phpBB 2.0.8 a
- phpBB Group phpBB 2.0.9
References