Back to search
CVE-2006-3204
Published: Jun 24, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt
x_refsource_MISC
1138
third-party-advisory
x_refsource_SREASON
20060620 ULtimate PHP Board <= 1.96 GOLD Code Execution (exploit code)
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now