Unrated severityNVD Advisory· Published May 16, 2002· Updated Jun 16, 2026
CVE-2002-0226
CVE-2002-0226
Description
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
Affected products
5Patches
Vulnerability mechanics
References
6- www.iss.net/security_center/static/8044.phpnvdPatchVendor Advisory
- www.securityfocus.com/bid/4014nvdPatchVendor Advisory
- marc.infonvd
- www.dcscripts.com/bugtrac/DCForumID7/3.htmlnvd
- www.osvdb.org/2038nvd
- www.osvdb.org/3866nvd
News mentions
0No linked articles in our index yet.