vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   username & insecure password shell script (https://vborg.vbsupport.ru/showthread.php?t=78058)

nighteyes 03-13-2005 07:08 PM
username & insecure password shell script
 
Would anyone be interested in coding a quick shell script I can run on our database to detect users accounts that have a password matching their username?

I'm thinking with the encrypted password the only way to do this is simulate logins. The script needs to grab each username in the db and attempt to login, if login is authorised we log the information and then later proceed to contact the member requesting they change their password. The information could be stored flatfile or in the database which is then queried with admin php script(s).

I imagine this wouldn't be a huge job. If nobody else has use for this, I'm happy to pay any coder to do the job for us... quote me a price and estimated time you can have the job done by.

But I think this could be useful for the community at large. vBulletin does a very poor job of protecting against insecure user registrations and account hacking, defences really need to be shored up in the next release.

Marco van Herwaarden 03-13-2005 07:32 PM
Not even a shell job or a simulated login needed. The hashing alghorithm is know, so a simple php script (or maybe even a single SQL-statement) could do the job.


All times are GMT. The time now is 04:08 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01030 seconds
  • Memory Usage 1,705KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (2)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete