CVE-2008-1484

Published: 24/03/2008 Updated: 11/10/2018
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 355
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

The password reset feature in PunBB 1.2.16 and previous versions uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.

Vulnerable Product

punbb punbb 1.0_alpha

punbb punbb 1.0_beta1

punbb punbb 1.1.3

punbb punbb 1.1.4

punbb punbb 1.0_beta2

punbb punbb 1.0_beta3

punbb punbb 1.0_rc1

punbb punbb 1.1.5

punbb punbb 1.0

punbb punbb 1.0.1

punbb punbb 1.1.1

punbb punbb 1.1.2

punbb punbb 1.2.11

punbb punbb 1.2.12

punbb punbb 1.2.4

punbb punbb 1.2.5

punbb punbb 1.2

punbb punbb 1.2.15

punbb punbb 1.2.16

punbb punbb 1.2.8

punbb punbb 1.2.9

punbb punbb 1.2.13

punbb punbb 1.2.14

punbb punbb 1.2.6

punbb punbb 1.2.7

punbb punbb 1.0_rc2

punbb punbb 1.1

punbb punbb 1.2.1

punbb punbb 1.2.10

punbb punbb 1.2.2

punbb punbb 1.2.3

Exploits

<?php
/**
 * Original : sektioneinsde/advisories/SE-2008-01txt
 * Thanks to Stefan Esser, here's the exploit
 *
 * Team : EpiBite
 * firefox, petit-poney, thot
 * We would like to thank our respective moms and dads
 * Let's get a fu*** coffee !
 */
// conf
define('URL', 'localhost/punbb_1-2-16_fr/upload'); // base url
defin ...