Description
The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
Remediation
References