[BUG] Password Change - Special Chars

Started by Harzem, July 02, 2006, 07:26:36 PM


Harzem

Hi,

I'm reporting a password change bug in SMF 1.1 RC2.

I have a password say abcd1234.

When I try to change my password from my profile to defg5678, it just changes it without problem.

But when I try to change my password to aaa''\\''\\ (Here, there are 4 single quotes, they are not double quotes), (1) it logs me out. Then I enter my new password, (2) but it says it is incorrect. I re-enter my new password and it logs me in.

This is not a cookie problem, because it only happens with special chars. I've not tested through any other chars. There are two bugs, as I've numbered as (1) and (2).

This problem also occurs right here, in simplemachines.org. I've just tried it.

I know PHP, and SMF structure. But I didn't want to mess with htmlspecialchars or addslashes things, because this is a security problem and the best is a DEVELOPER fix.

Also, this fix doesn't help:
http://www.simplemachines.org/community/index.php?topic=80787.msg550132#msg550132
because it is about the old password verification, my problem is new password verification. I've already tried that fix and it didn't help.

I know there will be a similar fix to solve this problem, and I hope we'll find it soon :)


Harzem


Thantos

Find
Code (Profile.php)

// Let's get the validation function into play...
require_once($sourcedir . '/Subs-Auth.php');
$passwordErrors = validatePassword($_POST['passwrd1'], $user_info['username'], array($user_info['name'], $user_info['email']));

Add before
$_POST['passwrd1'] = un_htmlspecialchars($_POST['passwrd1']);
Does that take care of the problem?

Harzem

No, it doesn't look to be fixed in my localhost. Can't you replicate the problem in a test installation?

Thantos

Find
Code (Profile.php)

setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['passwrd1']) . $user_profile[$memID]['passwordSalt']));

Replace
setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . $user_profile[$memID]['passwordSalt']));

Find
Code (Profile.php)

$profile_vars['passwd'] = '\'' . sha1(strtolower($old_profile['memberName']) . addslashes(un_htmlspecialchars(stripslashes($_POST['passwrd1'])))) . '\'';

Replace
$profile_vars['passwd'] = '\'' . sha1(strtolower($old_profile['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . '\'';

Find
Code (LogInOut.php)

$sha_passwd = sha1(strtolower($user_settings['memberName']) . $_REQUEST['passwrd']);

Replace
$sha_passwd = sha1(strtolower($user_settings['memberName']) . un_htmlspecialchars(stripslashes($_REQUEST['passwrd'])));

Edit:  Special note:  Those that currently have the special symbols in their name will need to change their password to make this work properly.
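Added example, written for this thread and not code from SMF or from Thantos's post. It models the mismatch behind Harzem's report: SMF 1.1 runs the request through htmlspecialchars() and addslashes() before Profile.php and LogInOut.php read the password (that pre-processing is an assumption of the model here, as is un_htmlspecialchars_demo(), a stand-in for SMF's un_htmlspecialchars()). Before the patch, the profile save hashed an addslashes() copy of the raw password while the login cookie and LogInOut.php hashed the still-escaped form, so a password containing quotes or backslashes produced three different hashes; after the patch every path undoes the request cleaning first. The last function shows why Thantos's note applies: a hash already stored for such a password will not match the patched login path.

```php
<?php
// Added example (not SMF code). Models why the password hashes disagreed in
// SMF 1.1 RC2 for passwords with quotes/backslashes and why the patch fixes it.

// Stand-in for SMF's un_htmlspecialchars(): reverse htmlspecialchars(ENT_QUOTES).
function un_htmlspecialchars_demo(string $s): string
{
    return strtr($s, array(
        '&amp;'  => '&',
        '&lt;'   => '<',
        '&gt;'   => '>',
        '&quot;' => '"',
        '&#039;' => "'",
    ));
}

// Assumed model of SMF's request cleaning: what $_POST['passwrd1'] and
// $_REQUEST['passwrd'] look like by the time Profile.php / LogInOut.php run.
function smf_clean_request_demo(string $raw): string
{
    return addslashes(htmlspecialchars($raw, ENT_QUOTES));
}

// The single transformation the patch applies on every hashing path: undo the
// request cleaning so the hash always covers the raw password.
function normalise_password(string $cleaned): string
{
    return un_htmlspecialchars_demo(stripslashes($cleaned));
}

// Before the patch, Profile.php stored sha1(name . addslashes(raw)) ...
function old_stored_hash(string $memberName, string $cleaned): string
{
    return sha1(strtolower($memberName) . addslashes(un_htmlspecialchars_demo(stripslashes($cleaned))));
}

// ... while the login cookie and LogInOut.php hashed the escaped request value.
function old_login_hash(string $memberName, string $cleaned): string
{
    return sha1(strtolower($memberName) . $cleaned);
}

// After the patch, Profile.php and LogInOut.php both hash the normalised value.
function patched_stored_hash(string $memberName, string $cleaned): string
{
    return sha1(strtolower($memberName) . normalise_password($cleaned));
}

function patched_login_hash(string $memberName, string $cleaned): string
{
    return sha1(strtolower($memberName) . normalise_password($cleaned));
}

// Would a freshly set password log in on the next attempt? (bug 2 in the report)
function old_paths_agree(string $memberName, string $raw): bool
{
    $cleaned = smf_clean_request_demo($raw);
    return old_stored_hash($memberName, $cleaned) === old_login_hash($memberName, $cleaned);
}

function patched_paths_agree(string $memberName, string $raw): bool
{
    $cleaned = smf_clean_request_demo($raw);
    return patched_stored_hash($memberName, $cleaned) === patched_login_hash($memberName, $cleaned);
}

// Thantos's special note: a hash stored by the OLD profile code must still match
// the NEW login code, otherwise the user has to set the password again.
function existing_hash_survives_patch(string $memberName, string $raw): bool
{
    $cleaned = smf_clean_request_demo($raw);
    return old_stored_hash($memberName, $cleaned) === patched_login_hash($memberName, $cleaned);
}

// Constructed inputs: the plain password and the special-character one from the report.
$member  = 'Harzem';
$plain   = 'defg5678';
$special = "aaa''" . "\\\\" . "''" . "\\\\";   // aaa''\\''\\  (4 single quotes, 4 backslashes)

foreach (array('plain' => $plain, 'special' => $special) as $label => $pw) {
    printf("%-8s old paths agree: %s  patched paths agree: %s  old hash still valid after patch: %s\n",
        $label,
        old_paths_agree($member, $pw) ? 'yes' : 'no',
        patched_paths_agree($member, $pw) ? 'yes' : 'no',
        existing_hash_survives_patch($member, $pw) ? 'yes' : 'no');
}
```

Run with `php example.php`: the plain password agrees everywhere, while the special-character one disagrees on the old paths, agrees on the patched paths, and its old stored hash no longer matches the patched login hash, which is exactly the case where a password change is required.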

RobinSlig

Quote from: Thantos on August 27, 2006, 01:23:10 AM
Find
Code (Profile.php)

setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($user_profile[$memID]['memberName']) . $_POST['passwrd1']) . $user_profile[$memID]['passwordSalt']));

Replace
setLoginCookie(60 * $modSettings['cookieTime'], $memID, sha1(sha1(strtolower($user_profile[$memID]['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . $user_profile[$memID]['passwordSalt']));

Find
Code (Profile.php)

$profile_vars['passwd'] = '\'' . sha1(strtolower($old_profile['memberName']) . addslashes(un_htmlspecialchars(stripslashes($_POST['passwrd1'])))) . '\'';

Replace
$profile_vars['passwd'] = '\'' . sha1(strtolower($old_profile['memberName']) . un_htmlspecialchars(stripslashes($_POST['passwrd1']))) . '\'';

Find
Code (LogInOut.php)

$sha_passwd = sha1(strtolower($user_settings['memberName']) . $_REQUEST['passwrd']);

Replace
$sha_passwd = sha1(strtolower($user_settings['memberName']) . un_htmlspecialchars(stripslashes($_REQUEST['passwrd'])));

Edit:  Special note:  Those that currently have the special symbols in their name will need to change their password to make this work properly.
I cannot find the Set LoginCookie. Where can I find this?
