MitreCVE-2010-4626CVE-2010-4626
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
80.7%
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account’s password, and then conducting a brute-force attack.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mybb | mybb | * | cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:* |
| mybb | mybb | 1.00 | cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:* |
| mybb | mybb | 1.01 | cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.0 | cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.1 | cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.2 | cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.3 | cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.4 | cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.5 | cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:* |
| mybb | mybb | 1.1.6 | cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:* |
References
blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/
dev.mybboard.net/issues/843
dev.mybboard.net/projects/mybb/repository/revisions/4872
openwall.com/lists/oss-security/2010/10/08/7
openwall.com/lists/oss-security/2010/10/11/8
openwall.com/lists/oss-security/2010/12/06/2
exchange.xforce.ibmcloud.com/vulnerabilities/64516
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
80.7%