Vulnerabilities > CVE-2008-6971 - Credentials Management vulnerability in Simplemachines SMF
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
Common Weakness Enumeration (CWE)
Exploit-Db
description Simple Machines Forum 1.1.5 Password Reset Security Bypass Vulnerability. CVE-2008-6971. Webapps exploit for php platform id EDB-ID:32717 last seen 2016-02-03 modified 2009-01-12 published 2009-01-12 reporter Xianur0 source https://www.exploit-db.com/download/32717/ title Simple Machines Forum <= 1.1.5 Password Reset Security Bypass Vulnerability description Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32). CVE-2008-6971. Webapps exploit for php platform file exploits/php/webapps/6392.php id EDB-ID:6392 last seen 2016-01-31 modified 2008-09-06 platform php port published 2008-09-06 reporter Raz0r source https://www.exploit-db.com/download/6392/ title Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit Win32 type webapps
Nessus
NASL family | CGI abuses |
NASL id | SMF_PASSWORD_RESET.NASL |
description | The remote host is running Simple Machines Forum (SMF), an open source web forum application written in PHP. The version of Simple Machines Forum installed on the remote host generates validation codes for its password reset functionality with |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34209 |
published | 2008-09-15 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34209 |
title | Simple Machines Forum Validation Code Prediction Arbitrary Password Reset |
code |
|
References
- http://osvdb.org/47945
- http://osvdb.org/47945
- http://secunia.com/advisories/31750
- http://secunia.com/advisories/31750
- http://www.securityfocus.com/bid/31053
- http://www.securityfocus.com/bid/31053
- http://www.simplemachines.org/community/index.php?topic=260145.0
- http://www.simplemachines.org/community/index.php?topic=260145.0
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44931
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44931
- https://www.exploit-db.com/exploits/6392
- https://www.exploit-db.com/exploits/6392