retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote malicious users to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
Vulnerable Product |
---|
dcscripts dcforum 6.21 |
dcscripts dcforum 2000 |
dcscripts dcforum 5.0 |
dcscripts dcforum 6.0 |