DCForum user_register.pl Predictable Password

2002-02-02T00:00:00
ID OSVDB:3866
Type osvdb
Reporter OSVDB
Modified 2002-02-02T00:00:00

Description

Vulnerability Description

DCForum contains a flaw that allows a remote attacker to predict newly created account passwords. The issue is due to a flaw in the method user_register.pl uses when generating passwords. New passwords are created based on user information and session ID information, which is easily predictable.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.
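
An added illustration of the flaw class described above (not DCForum's code and not part of the advisory): `weak_password` is a hypothetical stand-in for a generator that derives the password from user and session data, shown beside a CSPRNG-based replacement and an audit check that flags any generator whose output is fully determined by its inputs. All function names and sample values are assumptions.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def weak_password(username: str, session_id: str, length: int = 8) -> str:
    """Hypothetical stand-in for the flawed pattern (NOT DCForum's code):
    the password is a pure function of values visible outside the server."""
    digest = hashlib.sha256(f"{username}:{session_id}".encode()).hexdigest()
    return digest[:length]


def strong_password(username: str, session_id: str, length: int = 16) -> str:
    """Hardened form: the inputs are ignored and every character is drawn
    from the operating system CSPRNG through the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


def is_reproducible(generator, username: str, session_id: str,
                    trials: int = 5) -> bool:
    """Audit check: True if identical inputs always yield the same password,
    which means the output contains no secret randomness."""
    outputs = {generator(username, session_id) for _ in range(trials)}
    return len(outputs) == 1


if __name__ == "__main__":
    # Constructed sample values, not taken from any real forum.
    user, sid = "alice", "1012608000"
    for gen in (weak_password, strong_password):
        print(gen.__name__, "reproducible from inputs:",
              is_reproducible(gen, user, sid))
    print("bits in 16 random characters:", round(entropy_bits(16), 1))
```

A generator that passes through `is_reproducible` as `True` gives an attacker nothing to guess once the inputs are known, regardless of how the inputs are hashed or mixed.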

References:

Vendor URL: http://www.dcscripts.com/dcforum.shtml

Vendor Specific Solution URL: http://www.dcscripts.com/bugtrac/DCForumID7/3.html

Related OSVDB ID: 2038

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0455.html

ISS X-Force ID: 8044

CVE-2002-0226

Bugtraq ID: 4014