← voltar
CVE-2006-0633

CVE-2006-0633

EPSS 1.2%
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://forums.invisionpower.com/lofiversion/index.php/t200085.htmlhttp://www.r-security.net/tutorials/view/readtutorial.php?id=4