Описание
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| edgy | ignored | end of life, was needed |
| feisty | released | 2.0.21-6 |
| gutsy | released | 2.0.21-6 |
| hardy | released | 2.0.21-6 |
| intrepid | released | 2.0.21-6 |
| jaunty | DNE | |
| karmic | DNE | |
| upstream | needs-triage |
Показывать по
Ссылки на источники
6.4 Medium
CVSS2
Связанные уязвимости
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
The gen_rand_string function in phpBB 2.0.19 uses insufficiently rando ...
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
6.4 Medium
CVSS2