Current time: 11-27-2024, 07:15 AM Hello There, Guest! (LoginRegister)


Post Reply 
PMA Security vulnerability ?
Author Message
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #8
RE: PMA Security vulnerability ?
Well I'm still not quite sure.
docu in pma:
> In cookie mode, the password is stored, encrypted with the blowfish
> algorithm, in a temporary cookie

I don't say it's easy to break in but I think it'd be better if the blowfish_secret is not the same in all installations...

When I have some time, I'll try to test that. I the Cookies I have user and passwd - encryted, now I have to analyze how pma does decrypt theese things and then we'll see.

And then we make the test: you give me the cookie data of your pma and I'll try to get the password in cleartext...
05-31-2007 08:33 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Messages In This Thread
PMA Security vulnerability ? - BeNe - 05-30-2007, 07:11 PM
RE: PMA Security vulnerability ? - joximu - 05-30-2007, 07:47 PM
RE: PMA Security vulnerability ? - BeNe - 05-30-2007, 11:34 PM
RE: PMA Security vulnerability ? - RatS - 05-31-2007, 02:22 AM
RE: PMA Security vulnerability ? - BeNe - 05-31-2007, 02:40 AM
RE: PMA Security vulnerability ? - joximu - 05-31-2007, 03:23 AM
RE: PMA Security vulnerability ? - RatS - 05-31-2007, 07:30 AM
RE: PMA Security vulnerability ? - joximu - 05-31-2007 08:33 AM
RE: PMA Security vulnerability ? - raphael - 05-31-2007, 10:17 AM
RE: PMA Security vulnerability ? - raphael - 05-31-2007, 11:22 AM
RE: PMA Security vulnerability ? - joximu - 05-31-2007, 05:07 PM
RE: PMA Security vulnerability ? - BeNe - 05-31-2007, 11:12 PM
RE: PMA Security vulnerability ? - raphael - 06-01-2007, 10:21 AM

Forum Jump:


User(s) browsing this thread: 1 Guest(s)