lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060205084925.8521.qmail@securityfocus.com> Date: 5 Feb 2006 08:49:25 -0000 From: chinchilla@...il.com To: bugtraq@...urityfocus.com Subject: Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under. I. DESCRIPTION Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under. II. DETAILS Due to poor design the gen_rand_string() can only generate upto 1 million hashes or random strings. This allow an attacker to reset any account through the lost password request form by "predicting" the validation id and the new password for the account. Worst case scenario (for the attacker) is that he will have to send 1 million requests to reset the password and 1 million requests to get the new password. For more info visit http://www.r-security.net/tutorials/view/readtutorial.php?id=4