CVE-2010-4626

The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
mybbmybb
𝑥
≤ 1.4.11
mybbmybb
1.00
mybbmybb
1.01
mybbmybb
1.1.0
mybbmybb
1.1.1
mybbmybb
1.1.2
mybbmybb
1.1.3
mybbmybb
1.1.4
mybbmybb
1.1.5
mybbmybb
1.1.6
mybbmybb
1.1.7
mybbmybb
1.1.8
mybbmybb
1.02
mybbmybb
1.2
mybbmybb
1.2.0
mybbmybb
1.2.1
mybbmybb
1.2.2
mybbmybb
1.2.3
mybbmybb
1.2.4
mybbmybb
1.2.5
mybbmybb
1.2.6
mybbmybb
1.2.7
mybbmybb
1.2.8
mybbmybb
1.2.9
mybbmybb
1.2.10
mybbmybb
1.2.11
mybbmybb
1.2.12
mybbmybb
1.2.13
mybbmybb
1.03
mybbmybb
1.04
mybbmybb
1.4.0
mybbmybb
1.4.2
mybbmybb
1.4.3
mybbmybb
1.4.6
mybbmybb
1.4.8
mybbmybb
1.4.9
mybbmybb
1.4.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/
http://dev.mybboard.net/issues/843
http://dev.mybboard.net/projects/mybb/repository/revisions/4872
http://openwall.com/lists/oss-security/2010/10/08/7
http://openwall.com/lists/oss-security/2010/10/11/8
http://openwall.com/lists/oss-security/2010/12/06/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/64516
http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/
http://dev.mybboard.net/issues/843
http://dev.mybboard.net/projects/mybb/repository/revisions/4872
http://openwall.com/lists/oss-security/2010/10/08/7
http://openwall.com/lists/oss-security/2010/10/11/8
http://openwall.com/lists/oss-security/2010/12/06/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/64516