Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2006-0632

CVE-2006-0632

UNKNOWN

The gen_rand_string function in phpBB 2

Published Feb 10, 2006

Modified 1 years ago

Details

The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.

References

ADVISORYhttp://secunia.com/advisories/18727 WEBhttp://www.osvdb.org/22949 WEBhttp://www.r-security.net/tutorials/view/readtutorial.php?id=4 WEBhttp://www.securityfocus.com/archive/1/424074/100/0/threaded WEBhttp://www.vupen.com/english/advisories/2006/0461 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/24573 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2006-0632

CVSS Analysis

CVSS v2.0

6.4

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

PartialC:P

Integrity

PartialI:P

Availability

NoneA:N

6.4/AV:N/AC:L/Au:N/C:P/I:P/A:N

Ecosystems

Timeline

PublishedFeb 10, 2006

ModifiedAug 7, 2024

CVE-2006-0632 | Mondoo Vulnerability Intelligence