Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2008-6971
HistoryAug 13, 2009 - 4:30 p.m.

CVE-2008-6971

2009-08-1316:30:00
CWE-255
[email protected]
web.nvd.nist.gov
29
smf
simple machines forum
password reset
vulnerability
remote attack
privilege escalation
nvd
cve-2008-6971

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.111 Low

EPSS

Percentile

95.1%

JSON

The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.

Related

prion 1
exploitdb 1
nessus 1
cvelist 1
openvas 1
prion
prion
Code injection
2009-08-13 16:30:00
exploitdb
exploitdb
Simple Machines Forum <= 1.1.5 Password Reset Security Bypass Vulnerability
2009-01-12 00:00:00
nessus
nessus
Simple Machines Forum Validation Code Prediction Arbitrary Password Reset
2008-09-15 00:00:00
cvelist
cvelist
CVE-2008-6971
2009-08-13 16:00:00
openvas
openvas
Simple Machines Forum Password Reset Vulnerability
2008-09-25 00:00:00

7.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.111 Low

EPSS

Percentile

95.1%

JSON
Related for CVE-2008-6971
prion1exploitdb1nessus1cvelist1openvas1