Cryptographic issues in SMF - CVE-2011-1128

 


Published: June 21, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU44939
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-1128
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Simple Machines
Affected software: SMF

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.


How to mitigate CVE-2011-1128

Install the update from the vendor's website.

Sources