Unrated severityNVD Advisory· Published Mar 24, 2008· Updated Apr 23, 2026
CVE-2008-1484
CVE-2008-1484
Description
The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account. NOTE: this issue might be related to CVE-2006-5737.
Affected products
31cpe:2.3:a:punbb:punbb:1.0_alpha:*:*:*:*:*:*:*+ 30 more
- cpe:2.3:a:punbb:punbb:1.0_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.0_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.0_beta3:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:punbb:punbb:1.2.13:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.securityfocus.com/bid/27908nvdPatch
- secunia.com/advisories/29043nvdVendor Advisory
- osvdb.org/45561nvd
- punbb.org/download/changelogs/1.2.16_to_1.2.17.txtnvd
- punbb.org/forums/viewtopic.phpnvd
- sektioneins.de/advisories/SE-2008-01.txtnvd
- www.securityfocus.com/archive/1/488408/100/200/threadednvd
- www.exploit-db.com/exploits/5165nvd
News mentions
0No linked articles in our index yet.