CVE-2006-0633

Invision Power Board 2.1.4 - Weak Password Reset Code Generation

Title source: llm
STIX 2.1

Description

The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.

References (2)

Core 2

Scores

EPSS 0.0120
EPSS Percentile 64.4%

Details

CWE
CWE-287
Status published
Products (1)
invisionpower/invision_power_board 2.1.4
Published Feb 10, 2006
Tracked Since Feb 18, 2026