Vulnerability Description
register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user IDs, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Woltlab | Burning Board | 1.1.1 |
References
- http://online.securityfocus.com/archive/1/274269
- http://www.iss.net/security_center/static/9177.php (Vendor Advisory)
- http://www.securityfocus.com/bid/4859 (Exploit, Patch, Vendor Advisory)
FAQ
What is CVE-2002-0903?
CVE-2002-0903 is a vulnerability with a CVSS score of 7.5 (HIGH). register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictabl...
How severe is CVE-2002-0903?
CVE-2002-0903 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0903?
Check the references section above for vendor advisories and patch information. Affected products include: Woltlab Burning Board.