CVE-2008-1484
Published: Mar 24, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| http://punbb.org/forums/viewtopic.php?id=18460 | x_refsource_CONFIRM |
| 29043 | third-party-advisory, x_refsource_SECUNIA |
| http://sektioneins.de/advisories/SE-2008-01.txt | x_refsource_MISC |
| http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt | x_refsource_CONFIRM |
| 45561 | vdb-entry, x_refsource_OSVDB |
| 20080220 Advisory SE-2008-01: PunBB Blind Password Recovery Vulnerability | mailing-list, x_refsource_BUGTRAQ |
| 5165 | exploit, x_refsource_EXPLOIT-DB |
| 27908 | vdb-entry, x_refsource_BID |