PunBB < 1.2.17 Password Reset Information Disclosure
High Nessus Network Monitor Plugin ID 4391
SynopsisThe remote host relies on pseudo-random data within the authentication process.
DescriptionThe version of PunBB installed on the remote host is vulnerable to a password attack. There is a flaw in the way that PunBB generates random passwords and cookie seeds. An attacker exploiting this flaw would be able to run efficient brute-force attacks against passwords that had been recently reset. The root cause of this flaw seems to be the use of the PHP 'mt_rand()' function which gives, at most, 1,000,000 possible outputs.
SolutionUpgrade to version 1.2.17 or higher.