Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.
II. DETAILS
Due to poor design the gen_rand_string() can only generate upto 1 million hashes or random strings. This allow an attacker to reset any account through the lost password request form by "predicting" the validation id and the new password for the account. Worst case scenario (for the attacker) is that he will have to send 1 million requests to reset the password and 1 million requests to get the new password.
For more info visit http://www.r-security.net/tutorials/view/readtutorial.php?id=4
Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.
II. DETAILS
Due to poor design the gen_rand_string() can only generate upto 1 million hashes or random strings. This allow an attacker to reset any account through the lost password request form by "predicting" the validation id and the new password for the account. Worst case scenario (for the attacker) is that he will have to send 1 million requests to reset the password and 1 million requests to get the new password.
For more info visit http://www.r-security.net/tutorials/view/readtutorial.php?id=4
[ reply ]