CVE-2010-4626

2010-12-30T21:00:00
ID CVE-2010-4626
Type cve
Reporter cve@mitre.org
Modified 2017-08-17T01:33:00

Description

The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.