PT-2002-1913 · Woltlab · Woltlab Burning Board

Published: 2002-08-31 · Updated: 2008-09-05 · CVE-2002-0903

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: WoltLab Burning Board (wbboard) version 1.1.1
Description: The issue allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value. This is possible because the register.php file uses a small number of random values for the code parameter provided to action.php to approve a new registration, along with predictable new user IDs.
Recommendations: For WoltLab Burning Board (wbboard) version 1.1.1, consider implementing a more secure method for generating and verifying the code parameter, such as using a sufficient number of random values and making the new user IDs less predictable, until a patch is available. As a temporary workaround, restrict access to the action.php file to minimize the risk of exploitation.
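The recommendation above, carried through as an added Python example (not WoltLab's code) of what a hardened register.php/action.php approval flow looks like: the sequential new user ID is replaced by an opaque random handle, the small code space by a CSPRNG code whose hash alone is stored, and verification is constant-time, single-use, time-limited and attempt-limited. The in-memory PENDING store, the lengths, the TTL and the attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory store standing in for the forum database (assumption:
# the real application would persist these rows).
PENDING = {}

CODE_BYTES = 32           # 256 bits of randomness per approval code
CODE_TTL_SECONDS = 86400  # approval links expire after one day (assumption)
MAX_ATTEMPTS = 5          # lock a pending registration after repeated failures


def _hash_code(code: str) -> str:
    # Store only a hash so a database leak does not expose live codes.
    return hashlib.sha256(code.encode()).hexdigest()


def create_pending_registration(username: str):
    """What register.php would do: issue an unguessable handle instead of a
    sequential user ID and a CSPRNG code instead of a small random value.
    Returns what the activation mail would carry: (handle, code)."""
    handle = secrets.token_urlsafe(16)         # opaque, not predictable
    code = secrets.token_urlsafe(CODE_BYTES)   # 43 URL-safe characters
    PENDING[handle] = {
        "username": username,
        "code_hash": _hash_code(code),
        "expires": time.time() + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return handle, code


def approve_registration(handle: str, code: str) -> bool:
    """What action.php would do: compare in constant time, enforce expiry and
    an attempt limit, and consume the record on success so it cannot be replayed."""
    rec = PENDING.get(handle)
    if rec is None or time.time() > rec["expires"]:
        return False
    if rec["attempts"] >= MAX_ATTEMPTS:
        return False  # locked: too many failed guesses for this handle
    rec["attempts"] += 1
    if not hmac.compare_digest(rec["code_hash"], _hash_code(code)):
        return False
    del PENDING[handle]  # single use
    return True
```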
