SMF Support > SMF 1.1.x Support

Known security issue?

<< < (2/2)

Arantor:
Well, the vulnerability vector related to raw HTML posting is when someone is able to clone your session id and use your account.

Unfortunately 1.1 doesn't maintain any logs of who did what changes (2.0 can do this however) so it's not like there's any way to see exactly who changed the account, because if it was done through compromising your session, it would show up by it being logged as you doing it.

Forte:
In the event that my session was "cloned", wouldn't SMF still log the foreign IP as one of the ones possibly in my range, or does the last IP I used end up getting cloned as well?

Arantor:
Potentially, no.

The list of IP addresses 'in your range' is primarily based on the ones used for posting or for triggering errors, and if neither of those events occurs, the IP address will just be whatever's logged against your account for the online log.

But since the session stealing must occur while you are online, the IP address for your account for the online log would be switching back and forth between your IP address and the attacker's. If that's what happened.

Navigation

[0] Message Index

[*] Previous page