PT-2011-2753 · Vanilla · Vanilla Forums

Timvanilla Staff

Publicado

2011-02-08

Atualizado

2020-06-04

CVE-2011-0910

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Vanilla Forums versions prior to 2.0.17.6

Description The issue makes it easier for remote attackers to spoof signed requests and obtain access to arbitrary user accounts via HMAC timing attacks. This allows attackers to potentially gain unauthorized access to user accounts.

Recommendations For versions prior to 2.0.17.6, update to version 2.0.17.6 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2011-0910

Produtos afetados

Vanilla Forums

PT-2011-2753 · Vanilla · Vanilla Forums

CVE-2011-0910

Identificadores relacionados

Produtos afetados

Referências · 3