Easily exploitable pseudo-random number generator in phpBB version 2.0.19 and under.
II. DETAILS
Due to poor design, gen_rand_string() can only generate up to 1 million hashes or random strings. This allows an attacker to reset any account through the lost password request form b...