VYPR
Unrated severityNVD Advisory· Published May 16, 2002· Updated Jun 16, 2026

CVE-2002-0226

CVE-2002-0226

Description

retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.

Affected products

5
  • cpe:2.3:a:dcscripts:dcforum:2000:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:dcscripts:dcforum:2000:*:*:*:*:*:*:*
    • cpe:2.3:a:dcscripts:dcforum:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dcscripts:dcforum:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dcscripts:dcforum:6.21:*:*:*:*:*:*:*
    • (no CPE)range: <=6.x, <=2000

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.