Insecure Random Number Generation in MyBB (MyBulletinBoard) Allows for Brute-Force Account Takeover
CVE-2010-4626 · MEDIUM Severity
AV:N/AC:H/AU:N/C:P/I:P/A:P
The my_rand function in functions.php in MyBB (aka MyBulletinBoard) before 1.4.12 does not properly use the PHP mt_rand function, which makes it easier for remote attackers to obtain access to an arbitrary account by requesting a reset of the account's password, and then conducting a brute-force attack.
Learn more about our Web Application Penetration Testing UK.