The password reset functionality in Simple Machines Forum (SMF) 1.0.x prior to 1.0.14, 1.1.x prior to 1.1.6, and 2.0 prior to 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote malicious users to modify passwords of other users and gain privileges.
Vulnerable Product |
---|
simplemachines smf 2.0-beta3 |
simplemachines smf 2.0 |
simplemachines smf 1.1.5 |
simplemachines smf 1.1.4 |
simplemachines smf 2.0-beta2 |
simplemachines smf 1.0.13 |
simplemachines smf 1.0.12 |