Password Reset Vulnerability in Simple Machines Forum by Simple Machines
CVE-2008-6971

Currently unrated

Key Information:

CVE Published: 13 August 2009

What is CVE-2008-6971?

The password reset functionality of Simple Machines Forum (SMF) exposes sensitive information through a hidden form field that reveals the state of its random number generator. With that state known, the validation codes used for password resets become predictable, so an attacker can change other users' passwords and gain unauthorized access with those users' privileges.

EPSS Score

5% chance of being exploited in the next 30 days.
