CVE-2006-0633

Invisionpower Invision Power Board - Authentication Bypass

Title source: rule

Description

The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.

References (2)

[Patch] http://www.r-security.net/tutorials/view/readtutorial.php?id=4

[Various Sources] http://forums.invisionpower.com/lofiversion/index.php/t200085.html

Scores

EPSS 0.0050

EPSS Percentile 65.8%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

invisionpower/invision_power_board

Timeline

Published Feb 10, 2006

Tracked Since Feb 18, 2026