
Easily exploitable pseudo-random number generator in phpBB version 2.0.19 and under.



I. DESCRIPTION

Easily exploitable pseudo-random number generator in phpBB version 2.0.19 and 
under.


II. DETAILS

Due to poor design, gen_rand_string() can only generate up to 1 million 
hashes or random strings. This allows an attacker to reset any account through 
the lost password request form by "predicting" the validation id and the new 
password for the account. In the worst case (for the attacker), he will have 
to send 1 million requests to reset the password and 1 million requests to 
get the new password.


For more info visit 
http://www.r-security.net/tutorials/view/readtutorial.php?id=4
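
The weakness described in section II, next to a hardened replacement, as an added PHP example (not phpBB's code and not from the advisory's author). The seeding scheme, SEED_SPACE and the names weak_rand_string(), strong_token() and token_matches() are assumptions made for illustration.

```php
<?php
// Added illustration; not phpBB source. The seeding scheme is an assumption
// chosen to reproduce the advisory's "at most 1 million outputs" property.

const SEED_SPACE = 1000000; // assumed: the seed is an integer in [0, 999999]

// Weak pattern: every character comes from a PRNG whose whole state is the
// seed, so the 8-character string is a pure function of that seed.
function weak_rand_string(int $seed, bool $hash): string
{
    $chars = array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9'));
    mt_srand($seed);
    $s = '';
    for ($i = 0; $i < 8; $i++) {
        $s .= $chars[mt_rand(0, count($chars) - 1)];
    }
    return $hash ? md5($s) : $s; // md5 widens the output but adds no entropy
}

// Hardened replacement: 128 bits from the OS CSPRNG, no seed to guess.
function strong_token(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

// Store only a hash of the token and compare in constant time.
function token_matches(string $storedSha256, string $presented): bool
{
    return hash_equals($storedSha256, hash('sha256', $presented));
}

// Same seed, same "random" string: the output space cannot exceed SEED_SPACE.
$a = weak_rand_string(424242, true);
$b = weak_rand_string(424242, true);
printf("weak repeatable: %s\n", $a === $b ? 'yes' : 'no');
printf("weak entropy:    %.1f bits\n", log(SEED_SPACE, 2));
printf("strong entropy:  %d bits\n", 16 * 8);

$token  = strong_token();
$stored = hash('sha256', $token);
var_dump(token_matches($stored, $token));
var_dump(token_matches($stored, strong_token()));
```

The same applies to the generated replacement password: both the validation id and the new password need to come from the CSPRNG, since the advisory notes that both are predictable.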