- Jan 31, 2002 - security advisory

DCScripts Bugtrac system | DCScripts support forum

Subject: "Jan 31, 2002 - security advisory"

Products Security Bulletin Topic #3
Printer-friendly copy Email this topic to a friend
Reading Topic #3

Author

David

Date/Time

Jan-31-02, 10:07 PM (EDT)

Description

Jan 31, 2002 - security advisory

Fix

LAST EDITED ON Feb-01-02 AT 11:10 AM (EDT)

We recently uncovered a bug that must be fixed as soon as possible. All DCForum packages downloaded before Jan 31, 2002 will require this patch. For security reasons, we are witholding the details for now.

FIX - In retrieve_password.pl, look for


      $new_password = substr($new_password,1,6);

Remove this line. Then, just below


      srand(time|$$);

Add


      $new_password = int (rand(100000000));

so that you have


      srand(time|$$);
      $new_password = int (rand(100000000));

Or, you can save following page as retrieve_password.pl
and replace your copy:

http://www.dcscripts.com/FAQ/retrieve_password.txt

Please apply this patch as soon as possible. If you have
any questions, please contact me at david@dcscripts.com

Thank you for your continued support.

Regards,

David S. Choi
DCScripts

Conferences | Topics | Previous Topic | Next Topic