PT-2006-1690 · Invision · Invision Power Board

Published 2006-02-10 · Updated 2013-01-03 · CVE-2006-0633

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Invision Power Board version 2.1.4

Description

The issue concerns the generation of authentication codes for lost passwords. The make password function in ipsclass.php generates its random data from partially predictable seeds, which makes it easier for remote attackers to guess the code. An attacker who guesses the code could change the password for an account, although this may take a large number of requests.

Recommendations

For Invision Power Board version 2.1.4, consider modifying the make password function to use less predictable seeds when generating authentication codes, or implement additional security measures to prevent brute-force guessing of the authentication code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
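Both recommendations combined in one sketch, as an added example that is not Invision Power Board code: the reset code comes from the operating system CSPRNG instead of a seeded generator, only its hash is stored, and guesses are capped per issued code. The function names, the `$store` array standing in for the database table, and the lifetime and attempt limits are assumptions; `random_bytes()` requires PHP 7 or later.

```php
<?php
// Added example with hypothetical helper names; not the project's own code.
const RESET_TTL = 3600;        // assumed: a code is valid for one hour
const RESET_MAX_ATTEMPTS = 5;  // assumed: guesses allowed per issued code

// Issue a lost-password code for a member. $store stands in for a DB table.
function issue_reset_code(array &$store, int $memberId, int $now): string
{
    // 16 bytes from the OS CSPRNG (128 bits); nothing is derived from
    // timestamps, process IDs or other guessable seed material.
    $code = bin2hex(random_bytes(16));
    $store[$memberId] = [
        'hash'     => hash('sha256', $code), // keep only the hash server-side
        'expires'  => $now + RESET_TTL,
        'attempts' => 0,
    ];
    return $code; // delivered to the member by e-mail
}

// Check a submitted code: expiry, attempt cap, constant-time compare, single use.
function verify_reset_code(array &$store, int $memberId, string $submitted, int $now): bool
{
    if (!isset($store[$memberId])) {
        return false;
    }
    if ($now > $store[$memberId]['expires']
        || $store[$memberId]['attempts'] >= RESET_MAX_ATTEMPTS) {
        unset($store[$memberId]); // expired or guessed too often: force a new request
        return false;
    }
    $store[$memberId]['attempts']++;
    $ok = hash_equals($store[$memberId]['hash'], hash('sha256', $submitted));
    if ($ok) {
        unset($store[$memberId]); // a code can be redeemed only once
    }
    return $ok;
}

// Constructed demo values: member 42, one wrong guess, then the real code twice.
$store = [];
$now   = time();
$code  = issue_reset_code($store, 42, $now);
var_dump(verify_reset_code($store, 42, str_repeat('0', 32), $now));
var_dump(verify_reset_code($store, 42, $code, $now));
var_dump(verify_reset_code($store, 42, $code, $now));
```

The attempt cap is what addresses the "large number of requests" part of the description: once it is reached the code is discarded and a new one must be requested.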

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2006-0633

Affected Products: Invision Power Board