CVE-2006-3204

Published: Jun 24, 2006Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and the ciphertext, which is set in the pass_env cookie.

Affected (4)

Products: Ultimate Php Board: Ultimate Php Board

Ultimate Php Board

1 product

Ultimate Php Board

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Ultimate Php Board Ultimate Php Board	Version 1.8.2
Ultimate Php Board Ultimate Php Board	Version 1.8
Ultimate Php Board Ultimate Php Board	Version 1.9.6
Ultimate Php Board Ultimate Php Board	Version 1.9

References (6)

http://securityreason.com/securityalert/1138

Source: cve@mitre.org

http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt

Source: cve@mitre.org

ExploitURL Repurposed

http://www.securityfocus.com/archive/1/437875/100/0/threaded

Source: cve@mitre.org

http://securityreason.com/securityalert/1138

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kliconsulting.com/users/mbrooks/UPB_0-day.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitURL Repurposed

http://www.securityfocus.com/archive/1/437875/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.