Bugtraq mailing list archives

Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.

From: chinchilla () gmail com
Date: 5 Feb 2006 08:49:25 -0000

I. DESCRIPTION

Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.


II. DETAILS

Due to poor design the gen_rand_string() can only generate upto 1 million hashes or random strings. This allow an 
attacker to reset any account through the lost password request form by "predicting" the validation id and the new 
password for the account. Worst case scenario (for the attacker) is that he will have to send 1 million requests to 
reset the password and 1 million requests to get the new password.


For more info visit http://www.r-security.net/tutorials/view/readtutorial.php?id=4

Current thread:

Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under. chinchilla (Feb 06)