|
|
CVE Reference: CVE-2006-0632 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0632 |
|
|
Description: The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24573 SAID Secunia Advisory: SA18727 OSVDB 22949 MISC http://www.r-security.net/tutorials/view/readtutorial.php?id=4 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/424074/100/0/threaded |
|
| Return to the previous page. |
