ID: 0003908
Project: SMF 2.0
Category: Security
View Status: public
Last Update: 2010-05-09 05:41
Reporter: huw
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Summary: 0003908: Password hashing in maintenance mode
Description: http://www.simplemachines.org/community/index.php?topic=343315.0

Passwords are currently sent as plaintext when the forum is in maintenance mode.
Tags: 2.0 final, With Fix
Attached Files:
  • bug_3908.patch (1,369 bytes) 2010-05-07 04:10
    --- Themes/default/Login.template.php	Fri Jan 16 06:26:28 1970
    +++ Themes/default/Login.template.php	Fri Jan 16 06:26:28 1970
    @@ -146,11 +146,12 @@
     {
     	global $context, $settings, $options, $scripturl, $txt, $modSettings;
     
     	// Display the administrator's message at the top.
     	echo '
    -<form action="', $scripturl, '?action=login2" method="post" accept-charset="', $context['character_set'], '">
    +<script type="text/javascript" src="', $settings['default_theme_url'], '/scripts/sha1.js"></script>
    +<form action="', $scripturl, '?action=login2" method="post" accept-charset="', $context['character_set'], '"', empty($context['disable_login_hashing']) ? ' onsubmit="hashLoginPassword(this, \'' . $context['session_id'] . '\');"' : '', '>
     	<div class="tborder login" id="maintenance_mode">
     		<div class="cat_bar">
     			<h3 class="catbg">', $context['title'], '</h3>
     		</div>
     		<p class="description">
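Review bot: On the new <form> line, hashing depends entirely on the inline onsubmit handler, so if scripting is off or scripts/sha1.js fails to load, the form submits exactly as before and the password still goes out unhashed. That fallback should be documented in a comment above the echo. The same line also places $context['session_id'] into a single-quoted JavaScript string inside a double-quoted attribute with no escaping visible in this hunk; confirm the value can never contain a quote character, or escape it for that context.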
    @@ -173,10 +174,11 @@
     				<dd><input type="checkbox" name="cookieneverexp" class="input_check" /></dd>
     			</dl>
     			<p class="centertext"><input type="submit" value="', $txt['login'], '" class="button_submit" /></p>
     		</div>
     		<span class="lowerframe"><span></span></span>
    +		<input type="hidden" name="hash_passwrd" value="" />
     	</div>
     </form>';
     }
     
     // This is for the security stuff - makes administrators login every so often.
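Review bot: The hidden hash_passwrd input added after the lowerframe span is emitted unconditionally, while the onsubmit handler that presumably fills it is only attached when $context['disable_login_hashing'] is empty (first hunk). With hashing disabled the field is always posted as an empty string, so either wrap it in the same empty($context['disable_login_hashing']) check or add a comment stating that the login2 handler must treat an empty hash_passwrd as absent. It would also read better grouped with the other form inputs rather than after the closing frame markup.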
    


Notes

bugnote:0011880

[SiNaN] (Viewer)

Attached a patch for this issue.

bugnote:0011896

[SiNaN] (Viewer)

 ! Passwords were sent as plaintext when the forum was in maintenance mode. (Login Template) Revision 9857