APBoard Protected Forum Plaintext Password Weakness

info
discussion
exploit
solution
references

APBoard Protected Forum Plaintext Password Weakness

When an APBoard user logs into a password protected forum, their plaintext password is included in the forum URL.

A user's forum password could be stolen by posting a link in a protected forum to a referer-logging script.