Lucene search

PRIOn knowledge basePRION:CVE-2006-0632

HistoryFeb 10, 2006 - 11:02 a.m.

Design/Logic Flaw

2006-02-1011:02:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.4%

JSON

The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key (“validation ID”) that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.

CPENameOperatorVersion
phpbbeq2.0.5
phpbbeq2.0.797
phpbbeq2.0.8
phpbbeq2.0.11
phpbbeq2.0.1
phpbbeq2.0.13
phpbbeq2.0.16
phpbbeq2.0.3
phpbbeq2.0.0-rc2
phpbbeq2.0.0-rc1

Name	Operator	Version
phpbb	eq	2.0.5
phpbb	eq	2.0.797
phpbb	eq	2.0.8
phpbb	eq	2.0.11
phpbb	eq	2.0.1
phpbb	eq	2.0.13
phpbb	eq	2.0.16
phpbb	eq	2.0.3
phpbb	eq	2.0.0-rc2
phpbb	eq	2.0.0-rc1

Rows per page:

1-10 of 291

References

secunia.com/advisories/18727

www.osvdb.org/22949

www.r-security.net/tutorials/view/readtutorial.php?id=4

www.securityfocus.com/archive/1/424074/100/0/threaded

www.vupen.com/english/advisories/2006/0461

exchange.xforce.ibmcloud.com/vulnerabilities/24573

7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for PRION:CVE-2006-0632