CVE-2008-6971

Simple Machines Forum (SMF) 1.1.5 (Windows x86) - Admin Reset Password

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.

La funcionalidad de reinicio de contraseña en Simple Machines Forum (SMF) v1.0.x anteriores a v1.0.14, v1.1.x anteriores a v1.1.6, y v2.0 anteriores a v2.0 beta 4 incluye pistas acerca del estado del generador de número aleatorios con un campo del formulario escondido y genera códigos validados predecibles, lo que permite a los atacantes remotos, modificar la contraseña de otros usuario y obtener privilegios.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-08-13 CVE Reserved
2009-08-13 CVE Published
2024-03-23 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-255: Credentials Management Errors

CAPEC

References (6)

URL	Tag	Source
http://osvdb.org/47945	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44931	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/6392	2024-08-07
http://www.securityfocus.com/bid/31053	2024-08-07

URL	Date	SRC
http://www.simplemachines.org/community/index.php?topic=260145.0	2017-09-29

URL	Date	SRC
http://secunia.com/advisories/31750	2017-09-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Simplemachines Search vendor "Simplemachines"		Smf Search vendor "Simplemachines" for product "Smf"				1.0.12 Search vendor "Simplemachines" for product "Smf" and version "1.0.12"		-		Affected
Simplemachines Search vendor "Simplemachines"		Smf Search vendor "Simplemachines" for product "Smf"				1.0.13 Search vendor "Simplemachines" for product "Smf" and version "1.0.13"		-		Affected
Simplemachines Search vendor "Simplemachines"		Smf Search vendor "Simplemachines" for product "Smf"				1.1.4 Search vendor "Simplemachines" for product "Smf" and version "1.1.4"		-		Affected
Simplemachines Search vendor "Simplemachines"		Smf Search vendor "Simplemachines" for product "Smf"				1.1.5 Search vendor "Simplemachines" for product "Smf" and version "1.1.5"		-		Affected
Simplemachines Search vendor "Simplemachines"		Smf Search vendor "Simplemachines" for product "Smf"				2.0 Search vendor "Simplemachines" for product "Smf" and version "2.0"		rc1.2		Affected
Simplemachines Search vendor "Simplemachines"		Smf Search vendor "Simplemachines" for product "Smf"				2.0-beta2 Search vendor "Simplemachines" for product "Smf" and version "2.0-beta2"		-		Affected
Simplemachines Search vendor "Simplemachines"		Smf Search vendor "Simplemachines" for product "Smf"				2.0-beta3 Search vendor "Simplemachines" for product "Smf" and version "2.0-beta3"		-		Affected