Web application abuses : Simple Machines Forum Password Reset Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900118

Categoría: Web application abuses

Título: Simple Machines Forum Password Reset Vulnerability

Resumen: Simple Machines Forum is prone to a security bypass; vulnerability.

Descripción: Summary:
Simple Machines Forum is prone to a security bypass
vulnerability.

Vulnerability Insight:
The vulnerability exists due to the application generating weak
validation codes for the password reset functionality which allows for easy validation code
guessing attack.

Vulnerability Impact:
Attackers can guess the validation code and reset the user
password to the one of their choice.

Affected Software/OS:
Simple Machines Forum versions prior to 1.1.6.

Solution:
Update to version 1.1.6 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-6971
BugTraq ID: 31053
http://www.securityfocus.com/bid/31053
https://www.exploit-db.com/exploits/6392
http://osvdb.org/47945
http://secunia.com/advisories/31750
XForce ISS Database: smf-password-reset-security-bypass(44931)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44931

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900118
Categoría:	Web application abuses
Título:	Simple Machines Forum Password Reset Vulnerability
Resumen:	Simple Machines Forum is prone to a security bypass; vulnerability.
Descripción:	Summary: Simple Machines Forum is prone to a security bypass vulnerability. Vulnerability Insight: The vulnerability exists due to the application generating weak validation codes for the password reset functionality which allows for easy validation code guessing attack. Vulnerability Impact: Attackers can guess the validation code and reset the user password to the one of their choice. Affected Software/OS: Simple Machines Forum versions prior to 1.1.6. Solution: Update to version 1.1.6 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6971 BugTraq ID: 31053 http://www.securityfocus.com/bid/31053 https://www.exploit-db.com/exploits/6392 http://osvdb.org/47945 http://secunia.com/advisories/31750 XForce ISS Database: smf-password-reset-security-bypass(44931) https://exchange.xforce.ibmcloud.com/vulnerabilities/44931
Copyright	Copyright (C) 2008 Greenbone AG