CVE-2006-5737 - PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the

CVE-2006-5737

Summary

PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions.

References

http://securitytracker.com/id?1017131
http://www.osvdb.org/30134
http://www.securityfocus.com/archive/1/450055/100/0/threaded
http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities

Vulnerable Configurations

cpe:2.3:a:punbb:punbb:1.2.14:*:*:*:*:*:*:*
cpe:2.3:a:punbb:punbb:1.2.14:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 17-10-2018 - 21:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20061030 Punbb <= 1.2.13 Multiple Vulnerabilities
misc	http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities
osvdb	30134
sectrack	1017131

Last major update

17-10-2018 - 21:44

Published

06-11-2006 - 18:07

Last modified

17-10-2018 - 21:44