Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and under.
I. DESCRIPTION
Easily exploitable Pseudo Random Number generator in phpbb version 2.0.19 and
under.
II. DETAILS
Due to poor design the gen_rand_string() can only generate upto 1 million
hashes or random strings. This allow an attacker to reset any account through
the lost password request form by "predicting" the validation id and the new
password for the account. Worst case scenario (for the attacker) is that he
will have to send 1 million requests to reset the password and 1 million
requests to get the new password.
For more info visit
http://www.r-security.net/tutorials/view/readtutorial.php?id=4