Vulnerabilities > CVE-2007-3308 - Remote Security vulnerability in Simple Machines Simple Machines Forum 1.1.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

simple-machines

NVD

Published: 2007-06-21

Updated: 2018-10-16

Summary

Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack.

Vulnerable Configurations

Part	Description	Count
Application	Simple_Machines Simple Machines Simple Machines Forum 1.1.2	1

References

http://osvdb.org/40617
http://securitytracker.com/id?1018260
http://securityvulns.ru/Rdocument271.html
http://www.securityfocus.com/archive/1/471641/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/34907