Описание
The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.17.5 (включая)
Одно из
cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.17.1:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.17.2:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.17.3:*:*:*:*:*:*:*
cpe:2.3:a:vanillaforums:vanilla:2.0.17.4:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00243
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
EPSS
Процентиль: 47%
0.00243
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other