Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0633

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-0633
Last Modified 03 Jan 2013 12:00:00
Published 10 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0633

Summary

The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.

Vulnerable Systems

Application

  • Invisionpower Invision Power Board 2.1.4


References

MISC - http://www.r-security.net/tutorials/view/readtutorial.php?id=4

MISC - http://forums.invisionpower.com/lofiversion/index.php/t200085.html


Last Updated: 27 May 2016 10:51:49