PT-2009-2440 · Simple Machines · Simple Machines Forum
Raz0R
·
Publicado
2009-08-13
·
Atualizado
2017-09-29
·
CVE-2008-6971
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Simple Machines Forum versions 1.0.x through 1.0.13
Simple Machines Forum versions 1.1.x through 1.1.5
Simple Machines Forum versions 2.0 before beta 4
Description:
The password reset functionality in Simple Machines Forum includes clues about the random number generator state within a hidden form field and generates predictable validation codes. This allows remote attackers to modify passwords of other users and gain privileges.
Recommendations:
For Simple Machines Forum versions 1.0.x through 1.0.13, update to version 1.0.14 or later.
For Simple Machines Forum versions 1.1.x through 1.1.5, update to version 1.1.6 or later.
For Simple Machines Forum versions 2.0 before beta 4, update to beta 4 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Simple Machines Forum