Vulnerabilities > CVE-2006-0632 - Unspecified vulnerability in PHPbb Group PHPbb

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
phpbb-group
NVD
Published: 2006-02-10
Updated: 2024-11-21

Summary

The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.

Vulnerable Configurations

Part Description Count
Application
Phpbb_Group
29

References