Vulnerabilities > CVE-2002-0226 - Unspecified vulnerability in Dcscripts Dcforum

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

dcscripts

NVD

Published: 2002-05-16

Updated: 2024-11-20

Summary

retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.

Vulnerable Configurations

Part	Description	Count
Application	Dcscripts Dcscripts Dcforum 6.21 Dcscripts Dcforum 2000 Dcscripts Dcforum 5.0 Dcscripts Dcforum 6.0	4

References

http://marc.info/?l=bugtraq&m=101258311519504&w=2
http://marc.info/?l=bugtraq&m=101258311519504&w=2
http://www.dcscripts.com/bugtrac/DCForumID7/3.html
http://www.dcscripts.com/bugtrac/DCForumID7/3.html
http://www.iss.net/security_center/static/8044.php
http://www.iss.net/security_center/static/8044.php
http://www.osvdb.org/2038
http://www.osvdb.org/2038
http://www.osvdb.org/3866
http://www.osvdb.org/3866
http://www.securityfocus.com/bid/4014
http://www.securityfocus.com/bid/4014