J-Security Center

Title: APBoard Protected Forum Plaintext Password Weakness

Severity: MODERATE

Description:

APBoard is a web-based bulletin board package based on PHP and MySQL from Another PHP Product.

When a user is logged into an APBoard password-protected forum, their plaintext password is included in the URL:
http://www.your-domain.com/apboard/thread.php3?id=999&passwort=1&thepasswordhere

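An attacker could create a script that logs referring URLs and post a link to it within the password-protected forum. When a user follows the link, the browser sends the URL of the forum page, plaintext password included, in the HTTP Referer header, which would allow the attacker to steal the user's forum password.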
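The same exposure reaches the forum operator's own web server logs, since the request line and the Referer field both carry the URL. The following added example (not part of the original advisory, and not APBoard code) scans access-log lines for URLs of the shape shown above and redacts the password. It assumes Combined Log Format and that a bare token following the `passwort` parameter is the password, as in the advisory's example URL; the log lines and the password value are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumption: Combined Log Format (request line, status, size, quoted Referer).
LOG_RE = re.compile(
    r'"(?:GET|POST|HEAD) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')

def redact(url):
    """Return (redacted_url, leaked) for a URL shaped like the advisory's example."""
    parts = urlsplit(url)
    seen_flag, leaked, out = False, False, []
    for field in (parts.query.split("&") if parts.query else []):
        name, sep, _ = field.partition("=")
        if name.lower() == "passwort":
            seen_flag = True              # marker parameter, e.g. passwort=1
            out.append(field)
        elif seen_flag and not sep:
            leaked = True                 # bare token after the marker: the password
            out.append("REDACTED")
        else:
            out.append(field)
    return urlunsplit(parts._replace(query="&".join(out))), leaked

def scan(lines):
    """Return (line_no, log_field, redacted_url) for every field exposing a password."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        for field in ("target", "referer"):
            clean, leaked = redact(m.group(field))
            if leaked:
                hits.append((n, field, clean))
    return hits

# Constructed sample log lines; "examplepw" stands in for a user's password.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /apboard/thread.php3?'
    'id=999&passwort=1&examplepw HTTP/1.0" 200 5120 "-"',
    '192.0.2.10 - - [01/Jan/2000:10:00:05 +0000] "GET /apboard/index.php3 HTTP/1.0" '
    '200 2048 "http://www.your-domain.com/apboard/thread.php3?id=999&passwort=1&examplepw"',
    '192.0.2.11 - - [01/Jan/2000:10:01:00 +0000] "GET /apboard/thread.php3?id=7 '
    'HTTP/1.0" 200 4096 "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit means a plaintext forum password is already stored in the log file, so the affected logs need the same protection as a credential store.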

Affected Products:

  • APP APBoard 2.0.02
  • APP APBoard 2.0.03
