DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Deluxebb | Deluxebb | 1.05 | 1.05 |
Deluxebb | Deluxebb | 1.0 | 1.0 |
Deluxebb | Deluxebb | 1.07 | 1.07 |
Deluxebb | Deluxebb | * | 1.08 |
Deluxebb | Deluxebb | 1.06 | 1.06 |