CVE-2008-1484

Severity: Unknown
EPSS: 4.52%

CVE-2008-1484 is a vulnerability of currently unknown severity. The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737. EPSS estimates a 4.52% chance of exploitation in the next 30 days.

Description

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.

Metrics

EPSS Probability: 4.52% (percentile: 90.3)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Version
Punbb | Punbb | 1.0
Punbb | Punbb | 1.0.1
Punbb | Punbb | 1.0_alpha
Punbb | Punbb | 1.0_beta1
Punbb | Punbb | 1.0_beta2
Punbb | Punbb | 1.0_beta3
Punbb | Punbb | 1.0_rc1
Punbb | Punbb | 1.0_rc2
Punbb | Punbb | 1.1
Punbb | Punbb | 1.1.1
Punbb | Punbb | 1.1.2
Punbb | Punbb | 1.1.3
Punbb | Punbb | 1.1.4
Punbb | Punbb | 1.1.5
Punbb | Punbb | 1.2
Punbb | Punbb | 1.2.1
Punbb | Punbb | 1.2.2
Punbb | Punbb | 1.2.3
Punbb | Punbb | 1.2.4
Punbb | Punbb | 1.2.5
Punbb | Punbb | 1.2.6
Punbb | Punbb | 1.2.7
Punbb | Punbb | 1.2.8
Punbb | Punbb | 1.2.9
Punbb | Punbb | 1.2.10
Punbb | Punbb | 1.2.11
Punbb | Punbb | 1.2.12
Punbb | Punbb | 1.2.13
Punbb | Punbb | 1.2.14
Punbb | Punbb | 1.2.15
Punbb | Punbb | 1.2.16

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2008-1484?
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
How severe is CVE-2008-1484?
Severity scoring for CVE-2008-1484 is pending analysis. The EPSS model estimates a 4.52% probability of exploitation in the next 30 days.
How do I fix CVE-2008-1484?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST