VYPR
Unrated severityNVD Advisory· Published Feb 10, 2006· Updated Jun 16, 2026

CVE-2006-0633

CVE-2006-0633

Description

The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.

Affected products

2
  • cpe:2.3:a:invisionpower:invision_power_board:2.1.4:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:invisionpower:invision_power_board:2.1.4:*:*:*:*:*:*:*
    • (no CPE)range: =2.1.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.