CVE-2008-1484
CVE-2008-1484
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
Affected products
n/a · n/apublic PoCs found — 1
cve_referencewww.exploit-db.com/exploits/5165unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/45561http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txthttp://punbb.org/forums/viewtopic.php?id=18460http://secunia.com/advisories/29043http://sektioneins.de/advisories/SE-2008-01.txthttps://www.exploit-db.com/exploits/5165http://www.securityfocus.com/archive/1/488408/100/200/threadedhttp://www.securityfocus.com/bid/27908