IP.Board Plaintext Password Vulnerability
Vendor: Invision Power Services
Product: IP.Board
Version: <= 1.1.1
Website: http://www.invisionboard.com/
BID: 7440
Description:
Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage of object oriented code, highly-optimized SQL queries, and the fast PHP engine. A comprehensive administration control panel is included to help you keep your board running smoothly. Moderators will also enjoy the full range of options available to them via built-in tools and moderators control panel. Members will appreciate the ability to subscribe to topics, send private messages, and perform a host of other options through the user control panel. It is used by millions of people over the world.

Plaintext Password Vulnerability:
Invision Board has been stores restricted forum credentials as plain text embedded in cookie data. These are the forums where you need a password to get access into the forum. If the Invision Board admin 'pass protected' option is activated for a specific forum, on attempted access to the controlled area, the restricted forum password is stored as plaintext in a local cookie. This is dangerous because if an attacker can steal the legit users cookie, then they can gain access to the restricted forum(s). This vulnerability affects all versions of Invision Power Board. Users should not disclose any sensitive information on these "restricted" forums, as they are not secure.

Credits:
James Bercegay of the GulfTech Security Research Team.