Punbb · Punbb · CVE-2008-1484
**Name of the Vulnerable Software and Affected Versions**
PunBB versions 1.2.16 and earlier
**Description**
The password reset feature uses predictable random numbers based on the system time, allowing remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate creation time of the targeted account.
**Recommendations**
To prevent exploitation on PunBB versions 1.2.16 and earlier, consider disabling the password reset feature until a fix is available. Restrict access to the password reset functionality to minimize the risk of brute force attacks.
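
The weakness in the Description, modelled as an added Python example (not PunBB's PHP code and not part of the advisory): a reset password drawn from a clock-seeded PRNG is a pure function of the seed, so its real entropy is that of the seed's uncertainty window, not of the password's length. The function names, alphabet, length, sample seed and one-hour window are assumptions made for illustration; the hardened variant draws from the OS CSPRNG instead.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed alphabet (62 symbols)
LENGTH = 8                                       # assumed password length


def weak_reset_password(seed: int) -> str:
    """Weak pattern: a general-purpose PRNG seeded from a clock-derived value."""
    rng = random.Random(seed)  # every output is a pure function of the seed
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_reset_password() -> str:
    """Hardened pattern: draw each character from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def nominal_bits() -> float:
    """Entropy the password appears to have from its alphabet and length."""
    return LENGTH * math.log2(len(ALPHABET))


def effective_bits(window_seconds: int, ticks_per_second: int) -> float:
    """Entropy actually present when the seed is a clock value known to
    within window_seconds at the given clock resolution."""
    return math.log2(window_seconds * ticks_per_second)


if __name__ == "__main__":
    seed = 1_200_000_000  # constructed sample clock value
    print("same seed, same password:",
          weak_reset_password(seed) == weak_reset_password(seed))
    print("nominal bits:   %.1f" % nominal_bits())
    # Constructed scenario: seed known to within one hour at 1-second resolution
    print("effective bits: %.1f" % effective_bits(3600, 1))
    print("CSPRNG sample:", strong_reset_password())
```

When reviewing a reset or token generator, the check is whether any input to the output is a guessable value such as a timestamp; if so, the nominal strength of the generated string does not apply.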