3 matches found
CVE-2002-0226
retrievepassword.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user...
CVE-2002-0226
CVE-2002-0226 relates to DCForum 6.x and 2000. The flaw is that retrieve_password.pl generates new passwords using a sessionID, enabling a remote attacker to request a new password for another user and calculate that user’s new password from the sessionID. The connected documents confirm the affe...
CVE-2002-0226
retrievepassword.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user...