Intrusion Prevention

PHPBB.Authentication.Bypass

Description

A vulnerability has been reported in phpBB, which can be exploited by malicious attackers to bypass certain security restrictions. The vulnerability is caused by an error in the comparison of "sessiondata['autologinid']" and "auto_login_key". This can be exploited to gain administrative privileges on phpBB.

Affected Products

Version 2.0.12 and prior.

Impact

Gain administrator privileges.

Recommended Actions

Update to version 2.0.13.

CVE References

CVE-2005-0614