BOB: Business Objects Board
Not endorsed by or affiliated with SAP

Register | Login 

Follow BOB on Twitter! 
Follow BOB on Twitter! (Opens a new window)  

General Notice: Upcoming Events: PGHBOUG: Nov 1.

phpBB passwords


 
Search this topic... | Search About BOB... | Search Box
Register or Login to Post    Forum Index -> About BOB  Previous TopicPrint TopicNext Topic
Author Message
kbrazell
Principal Member
Principal Member



Joined: 19 Aug 2003

Posts: 183
Location: DFW Metroplex (but mobile) I applied to Mars One


flag
PostPosted: Tue Sep 03, 2019 3:47 pm 
Post subject: phpBB passwords

Another big site just go hacked.

https://www.engadget.com/2019/09/03/xkcd-forum-breach-exposes-details-from-over-560-000-user-account/

I'm not sure what method of password storage is used here, but the assumption that some vulnerability in the DB or the webserver may expose data beyond the control of the phpBB software itself may not be out of order.

I have a few spare cycles if throwing bodies at a task like updating an encrypt method and modifying code to allow two password tables to exist (one for users that have not yet updated their PW and another table for users that have updated their PW) might help.

_________________
Kyle Brazell
BOBJ XIr3
Oracle ... 10g, 11g
on HP-UX, AIX, Linux

Web Developer
Oracle ... 11g
on Linux (via OSX)

IoT Developer
Embedded System Programmer
Back to top
Display posts from previous:   
Register or Login to Post    Forum Index -> About BOB  Previous TopicPrint TopicNext Topic
Page 1 of 1 All times are GMT - 5 Hours
 
Jump to:  

Index | About | FAQ | RAG | Privacy | Search |  Register |  Login 

Get community updates via Twitter:

Not endorsed by or affiliated with SAP
Powered by phpBB © phpBB Group
Generated in 0.0324 seconds using 18 queries. (SQL 0.0087 Parse 0.0008 Other 0.0230)
CCBot/2.0 (https://commoncrawl.org/faq/)
Hosted by ForumTopics.com | Terms of Service
phpBB Customizations by the phpBBDoctor.com
Shameless plug for MomentsOfLight.com Moments of Light Logo