CVE-2002-0226 in DCForuminfo

Summary

retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Disclosure

05/16/2002

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-287 (Confirmed)

CVSS

7.3

EPSS

0.01200

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2002-0226
NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0226
CVE Details	https://www.cvedetails.com/cve/CVE-2002-0226/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!