Lucene search

[email protected]NVD:CVE-2010-4626

HistoryDec 30, 2010 - 9:00 p.m.

CVE-2010-4626

2010-12-3021:00:02

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.007

Percentile

80.7%

JSON

The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account’s password, and then conducting a brute-force attack.

Affected configurations

Nvd

Node

mybbmybbRange≤1.4.11

mybbmybbMatch1.00

mybbmybbMatch1.01

mybbmybbMatch1.1.0

mybbmybbMatch1.1.1

mybbmybbMatch1.1.2

mybbmybbMatch1.1.3

mybbmybbMatch1.1.4

mybbmybbMatch1.1.5

mybbmybbMatch1.1.6

mybbmybbMatch1.1.7

mybbmybbMatch1.1.8

mybbmybbMatch1.02

mybbmybbMatch1.2

mybbmybbMatch1.2.0

mybbmybbMatch1.2.1

mybbmybbMatch1.2.2

mybbmybbMatch1.2.3

mybbmybbMatch1.2.4

mybbmybbMatch1.2.5

mybbmybbMatch1.2.6

mybbmybbMatch1.2.7

mybbmybbMatch1.2.8

mybbmybbMatch1.2.9

mybbmybbMatch1.2.10

mybbmybbMatch1.2.11

mybbmybbMatch1.2.12

mybbmybbMatch1.2.13

mybbmybbMatch1.03

mybbmybbMatch1.04

mybbmybbMatch1.4.0

mybbmybbMatch1.4.2

mybbmybbMatch1.4.3

mybbmybbMatch1.4.6

mybbmybbMatch1.4.8

mybbmybbMatch1.4.9

mybbmybbMatch1.4.10

VendorProductVersionCPE
mybbmybb*cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*
mybbmybb1.00cpe:2.3:a:mybb:mybb:1.00:*:*:*:*:*:*:*
mybbmybb1.01cpe:2.3:a:mybb:mybb:1.01:*:*:*:*:*:*:*
mybbmybb1.1.0cpe:2.3:a:mybb:mybb:1.1.0:*:*:*:*:*:*:*
mybbmybb1.1.1cpe:2.3:a:mybb:mybb:1.1.1:*:*:*:*:*:*:*
mybbmybb1.1.2cpe:2.3:a:mybb:mybb:1.1.2:*:*:*:*:*:*:*
mybbmybb1.1.3cpe:2.3:a:mybb:mybb:1.1.3:*:*:*:*:*:*:*
mybbmybb1.1.4cpe:2.3:a:mybb:mybb:1.1.4:*:*:*:*:*:*:*
mybbmybb1.1.5cpe:2.3:a:mybb:mybb:1.1.5:*:*:*:*:*:*:*
mybbmybb1.1.6cpe:2.3:a:mybb:mybb:1.1.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mybb	mybb	*	cpe:2.3:a:mybb:mybb::::::::
mybb	mybb	1.00	cpe:2.3:a:mybb:mybb:1.00:::::::*
mybb	mybb	1.01	cpe:2.3:a:mybb:mybb:1.01:::::::*
mybb	mybb	1.1.0	cpe:2.3:a:mybb:mybb:1.1.0:::::::*
mybb	mybb	1.1.1	cpe:2.3:a:mybb:mybb:1.1.1:::::::*
mybb	mybb	1.1.2	cpe:2.3:a:mybb:mybb:1.1.2:::::::*
mybb	mybb	1.1.3	cpe:2.3:a:mybb:mybb:1.1.3:::::::*
mybb	mybb	1.1.4	cpe:2.3:a:mybb:mybb:1.1.4:::::::*
mybb	mybb	1.1.5	cpe:2.3:a:mybb:mybb:1.1.5:::::::*
mybb	mybb	1.1.6	cpe:2.3:a:mybb:mybb:1.1.6:::::::*

Rows per page:

1-10 of 371

References

blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/

dev.mybboard.net/issues/843

dev.mybboard.net/projects/mybb/repository/revisions/4872

openwall.com/lists/oss-security/2010/10/08/7

openwall.com/lists/oss-security/2010/10/11/8

openwall.com/lists/oss-security/2010/12/06/2

exchange.xforce.ibmcloud.com/vulnerabilities/64516

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.007

Percentile

80.7%

JSON

Related for NVD:CVE-2010-4626

cve1 cvelist1 prion1