Description

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

Remediation

References

CVE-2011-0910

Related Vulnerabilities

WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1148)

WordPress Plugin Forget About Shortcode Buttons Cross-Site Scripting (1.1.1)

TYPO3 Session Fixation Vulnerability (CVE-2010-3671)

CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-1931)

Severity

Medium

Classification

CVE-2011-0910

Tags

Missing Update Known Vulnerabilities