The cookie implementation in Vanilla Forums prior to 2.0.17.6 makes it easier for remote malicious users to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vanillaforums vanilla 2.0.10 |
||
vanillaforums vanilla 2.0.11 |
||
vanillaforums vanilla 2.0.12 |
||
vanillaforums vanilla 2.0.13 |
||
vanillaforums vanilla 2.0.17 |
||
vanillaforums vanilla 2.0.17.1 |
||
vanillaforums vanilla 2.0.17.2 |
||
vanillaforums vanilla 2.0.17.3 |
||
vanillaforums vanilla 2.0.15 |
||
vanillaforums vanilla 2.0.9 |
||
vanillaforums vanilla 2.0.17.4 |
||
vanillaforums vanilla 2.0.14 |
||
vanillaforums vanilla 2.0.16 |
||
vanillaforums vanilla |