The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
username & insecure password shell script
Would anyone be interested in coding a quick shell script I can run on our database to detect users accounts that have a password matching their username?
I'm thinking with the encrypted password the only way to do this is simulate logins. The script needs to grab each username in the db and attempt to login, if login is authorised we log the information and then later proceed to contact the member requesting they change their password. The information could be stored flatfile or in the database which is then queried with admin php script(s). I imagine this wouldn't be a huge job. If nobody else has use for this, I'm happy to pay any coder to do the job for us... quote me a price and estimated time you can have the job done by. But I think this could be useful for the community at large. vBulletin does a very poor job of protecting against insecure user registrations and account hacking, defences really need to be shored up in the next release. |
#2
|
|||
|
|||
Not even a shell job or a simulated login needed. The hashing alghorithm is know, so a simple php script (or maybe even a single SQL-statement) could do the job.
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|