CVE-2006-0633
Invision Power Board 2.1.4 - Weak Password Reset Code Generation
Title source: llmDescription
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
http://forums.invisionpower.com/lofiversion/index.php/t200085.html
Patch x_refsource_misc
http://www.r-security.net/tutorials/view/readtutorial.php?id=4
Scores
EPSS
0.0120
EPSS Percentile
64.4%
Details
CWE
CWE-287
Status
published
Products (1)
invisionpower/invision_power_board
2.1.4
Published
Feb 10, 2006
Tracked Since
Feb 18, 2026