Dcscripts: >> Dcforum >> 2000 Security Vulnerabilities
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
CVSS Score
7.5
EPSS Score
0.012
Published
2002-05-16