Design/Logic Flaw

2011-06-2102:52:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.3%

JSON

The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.

CPENameOperatorVersion
smfeq1.0.13
smfeq1.1.2
smfeq1.0.8
smfeq1.1 rc1
smfeq1.0 beta4.1
smfeq1.0.1
smfle1.1.12
smfeq1.0.19
smfeq1.0.7
smfeq1.0.9

Name	Operator	Version
smf	eq	1.0.13
smf	eq	1.1.2
smf	eq	1.0.8
smf	eq	1.1 rc1
smf	eq	1.0 beta4.1
smf	eq	1.0.1
smf	le	1.1.12
smf	eq	1.0.19
smf	eq	1.0.7
smf	eq	1.0.9

Rows per page:

1-10 of 571

References

custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip

www.openwall.com/lists/oss-security/2011/02/22/17

www.openwall.com/lists/oss-security/2011/03/02/4

www.simplemachines.org/community/index.php?topic=421547.0