Loading
Generated remediation guidance and an executive summary. No account required.
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
Use Phpbb Group vendor hub and Phpbb product page to widen CVE-2006-0632 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2007-1695, CVE-2006-6841 and CVE-2006-6840 for nearby disclosures in the same product family.