2 matches found
CVE-2008-1484
PunBB 1.2.16 and earlier has a vulnerability in the password reset mechanism where the seed for the reset token is derived from the system time, enabling remote authenticated users to brute-force and determine a new password. The issue affects PunBB’s password reset function and can be exploited ...
CVE-2008-1484
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE:...