CVE-2008-1484

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.  NOTE: this issue might be related to CVE-2006-5737.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
punbbpunbb
1.0
punbbpunbb
1.0.1
punbbpunbb
1.0_alpha:_alpha
punbbpunbb
1.0_beta1:_beta1
punbbpunbb
1.0_beta2:_beta2
punbbpunbb
1.0_beta3:_beta3
punbbpunbb
1.0_rc1:_rc1
punbbpunbb
1.0_rc2:_rc2
punbbpunbb
1.1
punbbpunbb
1.1.1
punbbpunbb
1.1.2
punbbpunbb
1.1.3
punbbpunbb
1.1.4
punbbpunbb
1.1.5
punbbpunbb
1.2
punbbpunbb
1.2.1
punbbpunbb
1.2.2
punbbpunbb
1.2.3
punbbpunbb
1.2.4
punbbpunbb
1.2.5
punbbpunbb
1.2.6
punbbpunbb
1.2.7
punbbpunbb
1.2.8
punbbpunbb
1.2.9
punbbpunbb
1.2.10
punbbpunbb
1.2.11
punbbpunbb
1.2.12
punbbpunbb
1.2.13
punbbpunbb
1.2.14
punbbpunbb
1.2.15
punbbpunbb
1.2.16
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/45561
http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt
http://punbb.org/forums/viewtopic.php?id=18460
http://secunia.com/advisories/29043
http://sektioneins.de/advisories/SE-2008-01.txt
http://www.securityfocus.com/archive/1/488408/100/200/threaded
http://www.securityfocus.com/bid/27908
https://www.exploit-db.com/exploits/5165
http://osvdb.org/45561
http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt
http://punbb.org/forums/viewtopic.php?id=18460
http://secunia.com/advisories/29043
http://sektioneins.de/advisories/SE-2008-01.txt
http://www.securityfocus.com/archive/1/488408/100/200/threaded
http://www.securityfocus.com/bid/27908
https://www.exploit-db.com/exploits/5165