MyBB Insecure Random Password Generation Vulnerability
BID:39404
Info
MyBB Insecure Random Password Generation Vulnerability
| Bugtraq ID: | 39404 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2010 12:00AM |
| Updated: | Apr 13 2010 12:00AM |
| Credit: | Stefan Esser |
| Vulnerable: |
MyBulletinBoard MyBulletinBoard 1.4.11 |
| Not Vulnerable: |
MyBulletinBoard MyBulletinBoard 1.4.12 |
Discussion
MyBB Insecure Random Password Generation Vulnerability
MyBB is prone to an insecure random password generation vulnerability.
Successfully exploiting this issue may allow an attacker to guess randomly generated passwords.
Versions of MyBB prior to 1.4.12 are vulnerable.
MyBB is prone to an insecure random password generation vulnerability.
Successfully exploiting this issue may allow an attacker to guess randomly generated passwords.
Versions of MyBB prior to 1.4.12 are vulnerable.
Exploit / POC
MyBB Insecure Random Password Generation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
MyBB Insecure Random Password Generation Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
MyBB Insecure Random Password Generation Vulnerability
References:
References:
- MyBB 1.4.12 Released �?? Security & Maintenance Update (MyBulletinBoard)
- MyBB Password Reset Weak Random Numbers Vulnerability (Stefan Esser)
- MyBulletinBoard Homepage (MyBulletinBoard)