Password Reset Vulnerability in Simple Machines Forum by Simple Machines
CVE-2008-6971

Currently unrated

Key Information:

Status
Vendor
CVE Published:
13 August 2009

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2008-6971?

The password reset functionality of Simple Machines Forum (SMF) exposes sensitive information through a hidden form field that reveals the state of its random number generator. This vulnerability allows attackers to generate predictable validation codes, which can be exploited to change the passwords of other users, thereby granting unauthorized access and privileges to the malicious actor.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.