2 matches found
Design/Logic Flaw
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE:...
CVE-2006-5737
PunBB is affected by CVE-2006-5737. The vulnerability arises from a predictable cookie_seed value that can be derived from the time of registration/installation of the superadmin account, which may allow local users to perform unauthorized actions. The available sources describe the root cause as...