CVE-2008-1484
N/A
N/A
Summary
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://punbb.org/forums/viewtopic.php?id=18460
- http://secunia.com/advisories/29043
- http://sektioneins.de/advisories/SE-2008-01.txt
- http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt
- http://osvdb.org/45561
- http://www.securityfocus.com/archive/1/488408/100/200/threaded
- https://www.exploit-db.com/exploits/5165
- http://www.securityfocus.com/bid/27908
References
- http://punbb.org/forums/viewtopic.php?id=18460
- http://secunia.com/advisories/29043
- http://sektioneins.de/advisories/SE-2008-01.txt
- http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt
- http://osvdb.org/45561
- http://www.securityfocus.com/archive/1/488408/100/200/threaded
- https://www.exploit-db.com/exploits/5165
- http://www.securityfocus.com/bid/27908
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.