
phpBB < 2.0.13 Cookie Authentication Bypass

High

Synopsis

The remote host is vulnerable to a flaw that allows authentication to be bypassed.

Description

The remote host is running phpBB, a web-based forum application written in PHP. This version of phpBB contains a flaw that allows a remote attacker to bypass the login process. Specifically, a malformed cookie, when processed by phpBB, always results in a 'true' value.

Solution

Upgrade to version 2.0.13 or higher.