Vulnerabilities

CVE-2006-0632

by Fred · 10/02/2006

The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.

Date published : 2006-02-10

http://www.securityfocus.com/archive/1/424074/100/0/threaded

http://www.r-security.net/tutorials/view/readtutorial.php?id=4

Similar

Tags: Cybersecurity Alert