Summary
The host is running Simple Machines Forum, which is prone to a security bypass vulnerability.
Impact
Attackers can guess the validation code and reset a user's password to one of their choice.
Impact Level: Application
Solution
Update to version 1.1.6
http://download.simplemachines.org/
CVSS Temporal Score: 5.0
Insight
The vulnerability exists because the application generates weak validation codes for the password reset functionality, which makes the validation code easy to guess.
Affected
Simple Machines Forum versions prior to 1.1.6 on
References
Severity
Classification
- CVE: CVE-2008-6971
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P