Vulnerability Description
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Punbb | Punbb | 1.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/45561
- http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt
- http://punbb.org/forums/viewtopic.php?id=18460
- http://secunia.com/advisories/29043 (Vendor Advisory)
- http://sektioneins.de/advisories/SE-2008-01.txt
- http://www.securityfocus.com/archive/1/488408/100/200/threaded
- http://www.securityfocus.com/bid/27908 (Patch)
- https://www.exploit-db.com/exploits/5165
FAQ
What is CVE-2008-1484?
CVE-2008-1484 is a vulnerability with a CVSS score of 3.5 (LOW). The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force...
How severe is CVE-2008-1484?
CVE-2008-1484 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1484?
Check the references section above for vendor advisories and patch information. Affected products include: Punbb Punbb.