CVE-2006-0633

The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.

Published: Feb 10, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0633
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
invisionpower / invision_power_board	2.1.4	2.1.4.x

http://forums.invisionpower.com/lofiversion/index.php/t200085.html
http://www.r-security.net/tutorials/view/readtutorial.php?id=4

Vulnerability Database

289,599

CVE-2006-0633