CVE-2006-0632: Sensitive Information Exposure in phpBB

Severity: 6.4 MEDIUM (NVD)
NVD: 5.0
EPSS: 1.0% (top 23.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 10
Latest update: May 2

Description

The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.

CVSS vector

AV:N/AC:L/C:P/I:P/A:N
Exploitability: 10.0 | Impact: 4.9

Affected Packages: 2 packages

NVD: phpbb_group/phpbb, 29 versions (+28)

Vulnerability Details (2)

GHSA: GHSA-hp9f-9w77-qm8f: The search function in phpBB 2 (2022-05-02)
GHSA: GHSA-3265-vrfj-hjqg: The gen_rand_string function in phpBB 2 (2022-05-01)