QwikSec

Security Database

CVE

CWE

Training

CVE-2010-4626

Published: Dec 30, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://dev.mybboard.net/issues/843

x_refsource_CONFIRM

http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/

x_refsource_CONFIRM

[oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

mybb-myrand-unauth-access(64516)

vdb-entry

x_refsource_XF

http://dev.mybboard.net/projects/mybb/repository/revisions/4872

x_refsource_CONFIRM

[oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

[oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.