Security Alert
Date: Sunday, July 27 @ 12:17:49 CEST
Topic: Security


Security Alert 7/20/2003!

[Note:Copied from Message post to keep in archives]

I've been helping a user today. He couldn't login as Admin and upon investigation it just looked like a case of a forgotten password. Once I got him up and running, he said he knew he had never entered that author name in the God record. He inspected the nuke.sql file from his v6.8 distro and the INSERT statement to nuke_authors came preinstalled (thank you very much ) with a user 'aaa' and a password that of course was MD5'd! He said he got the v6.8 from a link on nukephp.org.

I won't bother preaching about using versions that aren't public and aren't from reliable sources. Be warned, however, to make sure you know your sources!

Read this post for more on this.







This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=396