Simple Machines Forum Security Bypass Vulnerability
BID:31053
Info
Simple Machines Forum Security Bypass Vulnerability
| Bugtraq ID: | 31053 |
| Class: | Design Error |
| CVE: |
CVE-2008-6971 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 06 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Raz0r |
| Vulnerable: |
Simple Machines Simple Machines Forum 1.1.5 Simple Machines Simple Machines Forum 1.1.4 Simple Machines Simple Machines Forum 1.1.3 Simple Machines Simple Machines Forum 1.1.2 Simple Machines Simple Machines Forum 1.1.1 |
| Not Vulnerable: |
Simple Machines Simple Machines Forum 1.1.6 |
Discussion
Simple Machines Forum Security Bypass Vulnerability
Simple Machines Forum is prone to a security-bypass vulnerability because the application leaks the current state of the random number generator.
Attackers can exploit this issue to set the password of any user of the application.
Versions up to and including Simple Machines Forum 1.1.5 are vulnerable.
Simple Machines Forum is prone to a security-bypass vulnerability because the application leaks the current state of the random number generator.
Attackers can exploit this issue to set the password of any user of the application.
Versions up to and including Simple Machines Forum 1.1.5 are vulnerable.
Exploit / POC
Simple Machines Forum Security Bypass Vulnerability
The following exploit is available:
The following exploit is available:
Solution / Fix
Simple Machines Forum Security Bypass Vulnerability
Solution:
The vendor has released a fix. Please see the references for more information.
Solution:
The vendor has released a fix. Please see the references for more information.
References
Simple Machines Forum Security Bypass Vulnerability
References:
References:
- Simple Machines Forum Release Notes (Simple Machines)
- Simple Machines Homepage (Simple Machines)