CVE-2006-0632

Name of the Vulnerable Software and Affected Versions phpBB version 2.0.19

Description The issue concerns the generation of activation keys, also known as "validation IDs", which are sent via email when setting up a password. The gen rand string function uses insufficiently random data, making it easier for remote attackers to guess the key. This could allow attackers to modify passwords for existing accounts or create new accounts.

Recommendations For phpBB version 2.0.19, consider updating to a newer version that addresses this issue, as the current implementation of the gen rand string function poses a significant risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.