Invision Board Restricted Forum Plaintext Password Vulnerability

Invision Board has been reported to store restricted forum credentials as plain text embedded in cookie data.

If the Invision Board admin 'pass protected' option is activated for a specific forum, on attempted access to the controlled area, the restricted forum password is reportedly stored as plaintext in a local cookie.

It should be noted that although unconfirmed this vulnerability was reported to affect all versions of Invision Power Board.


 

Privacy Statement
Copyright 2010, SecurityFocus