Security of Control Panel

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Susan
    Senior Member
    • May 2000
    • 633
    #1

    Security of Control Panel

    I just managed to log into the control panel and make changes to the board using a totally ficticious password. Yep, it asked me to log in, but I used one of our moderators names and random characters for a password, and it let me in to do what I pleased in the control panel. YIKES.

    Susan
    Tags: None
    • JimF
      Senior Member
      • May 2000
      • 1988
      #2
      I don't know if this is a solution for you, but I used .htaccess to password protect the /Admin directory. I did the same thing for my UBB CP; I actually created a directory called CP and password protected it.

      That would add a little more security than the vB user auth can handle. But I agree, this is a major bug, though I tried it on my board and couldn't get in.

        Comment

        • John
          Senior Member
          • Apr 2000
          • 4042
          #3
          OK - that is a problem, and I will upload a fix for it soonest.

          However, it is not quite a serious as it first seems. It is only because you have the admin cookie on your system that you can log in.

          Thanks,
          John
          John Percival

          Artificial intelligence usually beats real stupidity ;)

            Comment

            Previous template Next
            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
            Working...
            😀
            😂
            🥰
            😘
            🤢
            😎
            😞
            😡
            👍
            👎