PunBB Password Reset Weak Random Number Security Bypass Vulnerability

Bugtraq ID:	27908
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 20 2008 12:00AM
Updated:	Feb 21 2008 07:23PM
Credit:	Stefan Esser is credited with discovering this vulnerability.
Vulnerable:	PunBB PunBB 1.2.16 PunBB PunBB 1.2.15 PunBB PunBB 1.2.14 PunBB PunBB 1.2.13 PunBB PunBB 1.2.12 PunBB PunBB 1.2.11 PunBB PunBB 1.2.10 PunBB PunBB 1.2.10 PunBB PunBB 1.2.9 PunBB PunBB 1.2.8 PunBB PunBB 1.2.7 PunBB PunBB 1.2.6 PunBB PunBB 1.2.5 PunBB PunBB 1.2.4 PunBB PunBB 1.2.3 PunBB PunBB 1.2.2 PunBB PunBB 1.2.1 PunBB PunBB 1.1.5 PunBB PunBB 1.1.4 PunBB PunBB 1.1.3 PunBB PunBB 1.1.2 PunBB PunBB 1.1.1 PunBB PunBB 1.1 PunBB PunBB 1.0.1 PunBB PunBB 1.0 RC2 PunBB PunBB 1.0 RC1 PunBB PunBB 1.0 _beta3 PunBB PunBB 1.0 _beta2 PunBB PunBB 1.0 _beta1 PunBB PunBB 1.0 _alpha PunBB PunBB 1.0

Not Vulnerable:	PunBB PunBB 1.2.17