Vulnerabilities > CVE-2002-0226 - Unspecified vulnerability in Dcscripts Dcforum
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |