CVE Vulnerabilities

CVE-2010-4626

Published: Dec 30, 2010 | Modified: Aug 17, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.1 MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the accounts password, and then conducting a brute-force attack.

Affected Software

Name Vendor Start Version End Version
Mybb Mybb 1.2.10 1.2.10
Mybb Mybb 1.2.8 1.2.8
Mybb Mybb 1.4.3 1.4.3
Mybb Mybb 1.04 1.04
Mybb Mybb 1.1.1 1.1.1
Mybb Mybb 1.1.3 1.1.3
Mybb Mybb 1.2.2 1.2.2
Mybb Mybb 1.2.9 1.2.9
Mybb Mybb 1.4.8 1.4.8
Mybb Mybb 1.2.1 1.2.1
Mybb Mybb 1.01 1.01
Mybb Mybb 1.1.6 1.1.6
Mybb Mybb 1.2.6 1.2.6
Mybb Mybb 1.4.0 1.4.0
Mybb Mybb 1.2.0 1.2.0
Mybb Mybb 1.4.9 1.4.9
Mybb Mybb 1.02 1.02
Mybb Mybb 1.2.5 1.2.5
Mybb Mybb 1.4.2 1.4.2
Mybb Mybb 1.1.8 1.1.8
Mybb Mybb 1.2.11 1.2.11
Mybb Mybb 1.1.5 1.1.5
Mybb Mybb 1.2.13 1.2.13
Mybb Mybb 1.4.6 1.4.6
Mybb Mybb 1.1.0 1.1.0
Mybb Mybb 1.2.3 1.2.3
Mybb Mybb 1.4.10 1.4.10
Mybb Mybb 1.2.7 1.2.7
Mybb Mybb 1.1.7 1.1.7
Mybb Mybb 1.1.4 1.1.4
Mybb Mybb 1.03 1.03
Mybb Mybb * 1.4.11
Mybb Mybb 1.00 1.00
Mybb Mybb 1.2.4 1.2.4
Mybb Mybb 1.2 1.2
Mybb Mybb 1.2.12 1.2.12
Mybb Mybb 1.1.2 1.1.2

References