Lucene search

K
cve[email protected]CVE-2006-0632
HistoryFeb 10, 2006 - 11:02 a.m.

CVE-2006-0632

2006-02-1011:02:00
NVD-CWE-Other
web.nvd.nist.gov
37
cve-2006-0632
phpbb
insufficiently random data
activation key
remote attackers

6.7 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.4%

The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key (“validation ID”) that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.

6.7 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.4%

Related for CVE-2006-0632