PT-2011-2892 · Simple Machines · Simple Machines Forum

Norv

Publicado

2011-06-21

Atualizado

2011-06-29

CVE-2011-1128

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Simple Machines Forum (SMF) versions prior to 1.1.13 Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5

Description The issue is related to the loadUserSettings function in Load.php, which does not properly handle invalid login attempts. This could make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.

Recommendations For Simple Machines Forum (SMF) versions prior to 1.1.13, update to version 1.1.13 or later. For Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5, update to version 2.0 RC5 or later.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2011-1128

Produtos afetados

Simple Machines Forum

PT-2011-2892 · Simple Machines · Simple Machines Forum

CVE-2011-1128

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6