{"type": "osvdb", "published": "2002-02-02T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:3866", "hashmap": [{"key": "affectedSoftware", "hash": "6c3f03eb9dc59693079db46d65597316"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "912c05eeb29540a6ade3c8ff411d5b57"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "543c07eed4e02c565cee63ec96817b0b"}, {"key": "href", "hash": "e572c1dd9a65014a022ff2ad3b8fcdcf"}, {"key": "modified", "hash": "da726b1fdf0c5fef343853ecf49a7cf5"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "da726b1fdf0c5fef343853ecf49a7cf5"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "ccc91bf3ca399aada097c0d205cd1414"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "viewCount": 1, "history": [], "edition": 1, "objectVersion": "1.2", "reporter": "OSVDB", "title": "DCForum user_register.pl Predictable Password", "affectedSoftware": [{"operator": "eq", "version": "6.21", "name": "DCForum"}, {"operator": "eq", "version": "1.0", "name": "DCForum 2000"}, {"operator": "eq", "version": "5.0", "name": "DCForum"}, {"operator": "eq", "version": "6.0", "name": "DCForum"}], "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2017-04-28T13:19:58", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-0226"]}, {"type": "osvdb", "idList": ["OSVDB:2038"]}], "modified": "2017-04-28T13:19:58", "rev": 2}, "vulnersScore": 6.3}, "references": [], "id": "OSVDB:3866", "hash": "a19c83faccb282070590ce0d1ed8c0d765abc1d82177dbe4e8efc516e36852b1", "lastseen": "2017-04-28T13:19:58", "cvelist": ["CVE-2002-0226"], "modified": "2002-02-02T00:00:00", "description": "## Vulnerability Description\nDCForum contains a flaw that allows a remote attacker to predict newly created account passwords. The issue is due to a flaw in the method user_register.pl uses when generating passwords. New passwords are created based on user information and session ID information, which is easily predictable.\n\n\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. \nHowever, the vendor has released a patch to address this vulnerability.\n## Short Description\nDCForum contains a flaw that allows a remote attacker to predict newly created account passwords. The issue is due to a flaw in the method user_register.pl uses when generating passwords. New passwords are created based on user information and session ID information, which is easily predictable.\n\n\n## References:\nVendor URL: http://www.dcscripts.com/dcforum.shtml\nVendor Specific Solution URL: http://www.dcscripts.com/bugtrac/DCForumID7/3.html\n[Related OSVDB ID: 2038](https://vulners.com/osvdb/OSVDB:2038)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0455.html\nISS X-Force ID: 8044\n[CVE-2002-0226](https://vulners.com/cve/CVE-2002-0226)\nBugtraq ID: 4014\n"}

{"cve": [{"lastseen": "2019-05-29T18:07:38", "bulletinFamily": "NVD", "description": "retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.", "modified": "2016-10-18T02:17:00", "id": "CVE-2002-0226", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0226", "published": "2002-05-16T04:00:00", "title": "CVE-2002-0226", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:56", "bulletinFamily": "software", "description": "## Vulnerability Description\nDCForum contains a flaw that allows a remote attacker to predict newly created account passwords. The issue is due to a flaw in the method retrieve_password.pl uses when generating passwords. New passwords are created based on user information and session ID information, which is easily predictable.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. \nHowever, the vendor has released a patch to address this vulnerability.\n## Short Description\nDCForum contains a flaw that allows a remote attacker to predict newly created account passwords. The issue is due to a flaw in the method retrieve_password.pl uses when generating passwords. New passwords are created based on user information and session ID information, which is easily predictable.\n## References:\nVendor URL: http://www.dcscripts.com/dcforum.shtml\nVendor Specific Solution URL: http://www.dcscripts.com/bugtrac/DCForumID7/3.html\n[Related OSVDB ID: 3866](https://vulners.com/osvdb/OSVDB:3866)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0396.html\nISS X-Force ID: 8044\n[CVE-2002-0226](https://vulners.com/cve/CVE-2002-0226)\nBugtraq ID: 4014\n", "modified": "2002-01-31T00:00:00", "published": "2002-01-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:2038", "id": "OSVDB:2038", "type": "osvdb", "title": "DCForum retrieve_password.pl Predictable Password ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}