CVE-2008-1484

EUVD-2008-1486
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.  NOTE: this issue might be related to CVE-2006-5737.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
punbbpunbb
1.0
punbbpunbb
1.0.1
punbbpunbb
1.0_alpha:_alpha
punbbpunbb
1.0_beta1:_beta1
punbbpunbb
1.0_beta2:_beta2
punbbpunbb
1.0_beta3:_beta3
punbbpunbb
1.0_rc1:_rc1
punbbpunbb
1.0_rc2:_rc2
punbbpunbb
1.1
punbbpunbb
1.1.1
punbbpunbb
1.1.2
punbbpunbb
1.1.3
punbbpunbb
1.1.4
punbbpunbb
1.1.5
punbbpunbb
1.2
punbbpunbb
1.2.1
punbbpunbb
1.2.2
punbbpunbb
1.2.3
punbbpunbb
1.2.4
punbbpunbb
1.2.5
punbbpunbb
1.2.6
punbbpunbb
1.2.7
punbbpunbb
1.2.8
punbbpunbb
1.2.9
punbbpunbb
1.2.10
punbbpunbb
1.2.11
punbbpunbb
1.2.12
punbbpunbb
1.2.13
punbbpunbb
1.2.14
punbbpunbb
1.2.15
punbbpunbb
1.2.16
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/45561
http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt
http://punbb.org/forums/viewtopic.php?id=18460
http://secunia.com/advisories/29043
http://sektioneins.de/advisories/SE-2008-01.txt
http://www.securityfocus.com/archive/1/488408/100/200/threaded
http://www.securityfocus.com/bid/27908
https://www.exploit-db.com/exploits/5165
http://osvdb.org/45561
http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt
http://punbb.org/forums/viewtopic.php?id=18460
http://secunia.com/advisories/29043
http://sektioneins.de/advisories/SE-2008-01.txt
http://www.securityfocus.com/archive/1/488408/100/200/threaded
http://www.securityfocus.com/bid/27908
https://www.exploit-db.com/exploits/5165