Description: A security issue has been reported in phpBB, which can be exploited by malicious users to bypass certain security restrictions. The application does not properly restrict access to the functionality required to activate deactivated accounts. This can be exploited to re-activate deactivated accounts without the required privileges. Solution: Update to version 3.0.4
Added www-apps/phpBB-3.0.4, removed vulnerable version 3.0.2 and 3.0.3. Unstable on all archs. webapps done.
All done, closing the bug.
CVE-2008-6506 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6506): Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. CVE-2008-6507 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6507): Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum.
