CVE-2002-0226

2002-05-16T04:00:00
ID CVE-2002-0226
Type cve
Reporter cve@mitre.org
Modified 2016-10-18T02:17:00

Description

retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.