Vulnerability Description
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Invisionpower | Invision Power Board | 2.1.4 |
References
- http://forums.invisionpower.com/lofiversion/index.php/t200085.html
- http://www.r-security.net/tutorials/view/readtutorial.php?id=4 (Patch)
FAQ
What is CVE-2006-0633?
CVE-2006-0633 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a...
How severe is CVE-2006-0633?
CVE-2006-0633 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0633?
Check the references section above for vendor advisories and patch information. Affected products include: Invisionpower Invision Power Board.