Security of Control Panel

  • Time
  • Show
Clear All
new posts
  • Susan
    Senior Member
    • May 2000
    • 633

    Security of Control Panel

    I just managed to log into the control panel and make changes to the board using a totally ficticious password. Yep, it asked me to log in, but I used one of our moderators names and random characters for a password, and it let me in to do what I pleased in the control panel. YIKES.

  • JimF
    Senior Member
    • May 2000
    • 1988

    I don't know if this is a solution for you, but I used .htaccess to password protect the /Admin directory. I did the same thing for my UBB CP; I actually created a directory called CP and password protected it.

    That would add a little more security than the vB user auth can handle. But I agree, this is a major bug, though I tried it on my board and couldn't get in.


    • John
      Senior Member
      • Apr 2000
      • 4042

      OK - that is a problem, and I will upload a fix for it soonest.

      However, it is not quite a serious as it first seems. It is only because you have the admin cookie on your system that you can log in.

      John Percival

      Artificial intelligence usually beats real stupidity ;)


      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.