Summary
The host is running Simple Machines Forum, which is prone to a security bypass vulnerability.
Impact
Attackers can guess the validation code and reset a user's password to one of their choice.
Impact Level: Application
Solution
Update to version 1.1.6
http://download.simplemachines.org/
CVSS Temporal Score: 5.0
Insight
The vulnerability exists because the application generates weak validation codes for the password reset functionality, which makes the validation code easy to guess.
Affected
Simple Machines Forum versions prior to 1.1.6 on
References
Severity
Classification
- CVE: CVE-2008-6971
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P