NVD

Id
15873  
Name
CVE-2010-4626  
Description
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account"s password, and then conducting a brute-force attack.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-12-30  
Modified Date
2011-01-11  
Seq
2010-4626  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
89936 15873 CVE-2010-4626 http://blog.mybb.com/2010/04/13/mybb-1-4-12-released-security-maintenance-update/  View
89937 15873 CVE-2010-4626 http://dev.mybboard.net/issues/843  View
89938 15873 CVE-2010-4626 http://dev.mybboard.net/projects/mybb/repository/revisions/4872  View
89939 15873 CVE-2010-4626 [oss-security] 20101008 CVE request: mybb before 1.4.11 and before 1.4.12  View
89940 15873 CVE-2010-4626 [oss-security] 20101011 Re: CVE request: mybb before 1.4.11 and before 1.4.12  View
89941 15873 CVE-2010-4626 [oss-security] 20101206 Re: CVE request: mybb before 1.4.11 and before 1.4.12  View
89942 15873 CVE-2010-4626 mybb-myrand-unauth-access(64516)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
37777 JVNDB-2010-003562 MyBB の my_rand 関数における任意のアカウントへのアクセスを取得される脆弱性 MyBB の functions.php の my_rand 関数は、PHP mt_rand 関数を適切に使用しないため、任意のアカウントへのアクセスを取得される脆弱性が存在します。 CVE-2010-4626 47206 CVE-2010-4626 15873 5.1 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003562.html 2010-04-03 2012-03-27 View