3.5

CVE-2008-1484

EPSS 10.58%
Veröffentlicht 24.03.2008 23:44:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.  NOTE: this issue might be related to CVE-2006-5737.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Punbb ≫ Punbb Version1.0

Punbb ≫ Punbb Version1.0.1

Punbb ≫ Punbb Version1.0_alpha

Punbb ≫ Punbb Version1.0_beta1

Punbb ≫ Punbb Version1.0_beta2

Punbb ≫ Punbb Version1.0_beta3

Punbb ≫ Punbb Version1.0_rc1

Punbb ≫ Punbb Version1.0_rc2

Punbb ≫ Punbb Version1.1

Punbb ≫ Punbb Version1.1.1

Punbb ≫ Punbb Version1.1.2

Punbb ≫ Punbb Version1.1.3

Punbb ≫ Punbb Version1.1.4

Punbb ≫ Punbb Version1.1.5

Punbb ≫ Punbb Version1.2

Punbb ≫ Punbb Version1.2.1

Punbb ≫ Punbb Version1.2.2

Punbb ≫ Punbb Version1.2.3

Punbb ≫ Punbb Version1.2.4

Punbb ≫ Punbb Version1.2.5

Punbb ≫ Punbb Version1.2.6

Punbb ≫ Punbb Version1.2.7

Punbb ≫ Punbb Version1.2.8

Punbb ≫ Punbb Version1.2.9

Punbb ≫ Punbb Version1.2.10

Punbb ≫ Punbb Version1.2.11

Punbb ≫ Punbb Version1.2.12

Punbb ≫ Punbb Version1.2.13

Punbb ≫ Punbb Version1.2.14

Punbb ≫ Punbb Version1.2.15

Punbb ≫ Punbb Version1.2.16

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.58%	0.93

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N

http://osvdb.org/45561

http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt

http://punbb.org/forums/viewtopic.php?id=18460

http://secunia.com/advisories/29043

Vendor Advisory

http://sektioneins.de/advisories/SE-2008-01.txt

http://www.securityfocus.com/archive/1/488408/100/200/threaded

http://www.securityfocus.com/bid/27908

Patch

https://www.exploit-db.com/exploits/5165

https://nvd.nist.gov/vuln/detail/CVE-2008-1484

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1484

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1484

EUVD