Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.



> -----Original Message-----
> From: chinchilla@xxxxxxxxx [mailto:chinchilla@xxxxxxxxx] 
> Sent: Sunday, February 05, 2006 11:49 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Easily exploitable Pseudo Random Number generator in 
> phpbb version 2.0.19 and under.
> 
> I. DESCRIPTION
> 
> Easily exploitable Pseudo Random Number generator in phpbb 
> version 2.0.19 and under.
> 
> 
> II. DETAILS
> 
> Due to poor design the gen_rand_string() can only generate 
> upto 1 million hashes or random strings. This allow an 
> attacker to reset any account through the lost password 
> request form by "predicting" the validation id and the new 
> password for the account. Worst case scenario (for the 
> attacker) is that he will have to send 1 million requests to 
> reset the password and 1 million requests to get the new password.
> 
> 
> For more info visit 
> http://www.r-security.net/tutorials/view/readtutorial.php?id=4
> 



 




Copyright © Lexa Software, 1996-2009.