CVE-2002-1846 Information

Description

Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php.

Reference

http://online.securityfocus.com/archive/1/296121
