CVE-2008-1484

Sažetak

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.

Reference

http://osvdb.org/45561
http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt
http://punbb.org/forums/viewtopic.php?id=18460
http://secunia.com/advisories/29043
http://sektioneins.de/advisories/SE-2008-01.txt
http://www.securityfocus.com/archive/1/488408/100/200/threaded
http://www.securityfocus.com/bid/27908
https://www.exploit-db.com/exploits/5165

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-10-2018 - 20:35

Objavljeno

24-03-2008 - 23:44