"A remote attacker, with read access to the password database, can gain administrator rights."
This also applies to many other blog software packages and also to every system with a password database.

--
Francesco Vaj [CISSP - GIAC]
Senior Content Manipulation Consultant
mailto:[EMAIL PROTECTED]
aim: XSS Cross Site
XSS Worm: Cross Site Scripting Attacks Wordpress Blog Password Hash Replay Information Portal (tm) 2007
http://www.XSSworm.com/
--
"Vaj, bella vaj."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
