• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenForum 'profile.php' Authentication Bypass Vulnerability

OpenForum is prone to a vulnerability that lets attackers modify arbitrary user passwords because it fails to adequately secure access to administrative functionality.

This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

OpenForum 0.66 is vulnerable; other versions may also be affected.