CVE Reference: CVE-2008-1484

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1484

Description: The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.

CVE Status: Candidate

References:
SAID Secunia Advisory: SA29043
OSVDB 45561
MISC http://sektioneins.de/advisories/SE-2008-01.txt
MILW0RM http://www.milw0rm.com/exploits/5165
CONFIRM http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt http://punbb.org/forums/viewtopic.php?id=18460
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/488408/100/200/threaded
BID 27908