CVE-2008-1484

PunBB <= 1.2.16 - Authenticated Password Reset Brute Force via Predictable Random Seed

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1484. PoCs published by EpiBite.

AI-analyzed exploit summary: This exploit targets a password reset vulnerability in PunBB 1.2.16 by brute-forcing the seed and SRAND values to generate a valid password reset key for the admin account. It leverages weak randomness in the password reset mechanism to bypass authentication.

Description

The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.

Exploits (1)

exploitdb WORKING POC VERIFIED
by EpiBite · php · webapps · php
https://www.exploit-db.com/exploits/5165

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: PunBB 1.2.16
No auth needed
Prerequisites: Access to the target PunBB forum · Valid user account credentials for initial login
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488408/100/200/threaded
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27908
Various Sources x_refsource_confirm
http://punbb.org/forums/viewtopic.php?id=18460
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29043
Various Sources x_refsource_misc
http://sektioneins.de/advisories/SE-2008-01.txt
Various Sources x_refsource_confirm
http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/45561
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5165

Scores

EPSS 0.0452
EPSS Percentile 90.3%

Details

CWE: CWE-264
Status: published
Products (31)
punbb/punbb 1.0
punbb/punbb 1.0.1
punbb/punbb 1.0_alpha
punbb/punbb 1.0_beta1
punbb/punbb 1.0_beta2
punbb/punbb 1.0_beta3
punbb/punbb 1.0_rc1
punbb/punbb 1.0_rc2
punbb/punbb 1.1
punbb/punbb 1.1.1
... and 21 more
Published Mar 24, 2008
Tracked Since Feb 18, 2026