MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Tabbed Menu (Labrocca) Vuln
Full Version: Tabbed Menu (Labrocca) Vuln
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

LudiusMAX

2014-02-11, 12:31 AM
One of my users just reported this to me via PM:


"Vega detected a form with a password input field that submits to an insecure (HTTP) target. Password values should never be sent in the clear across insecure channels. This vulnerability could result in unauthorized disclosure of passwords to passive network attackers. "


Is this vulnerable?

Nathan Malcolm

2014-02-11, 12:37 AM
One of your users should stop using vulnerability scanners, especially considering they don't understand the output.

That's nothing to worry about and has nothing to do with the Tabbed Menu plugin. It simply means you aren't using TLS (https).

LudiusMAX

2014-02-11, 12:57 AM
(2014-02-11, 12:37 AM)Nathan Malcolm Wrote: [ -> ]One of your users should stop using vulnerability scanners, especially considering they don't understand the output.

That's nothing to worry about and has nothing to do with the Tabbed Menu plugin. It simply means you aren't using TLS (https).

It leads back to a .js file for the Tabbed Menu plugin. Are you absolutely sure this can't be abused?

Nathan Malcolm

2014-02-11, 01:09 AM
Positive. All it means is you're not using TLS. There's no vulnerability or anything you need to be worried about.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Tabbed Menu (Labrocca) Vuln