Vulnerability Description
The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simplemachines | Smf | <= 1.1.12 |
Related Weaknesses (CWE)
References
- http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zipPatch
- http://www.openwall.com/lists/oss-security/2011/02/22/17Patch
- http://www.openwall.com/lists/oss-security/2011/03/02/4Patch
- http://www.simplemachines.org/community/index.php?topic=421547.0Patch
- http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zipPatch
- http://www.openwall.com/lists/oss-security/2011/02/22/17Patch
- http://www.openwall.com/lists/oss-security/2011/03/02/4Patch
- http://www.simplemachines.org/community/index.php?topic=421547.0Patch
FAQ
What is CVE-2011-1128?
CVE-2011-1128 is a vulnerability with a CVSS score of 7.5 (HIGH). The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote a...
How severe is CVE-2011-1128?
CVE-2011-1128 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1128?
Check the references section above for vendor advisories and patch information. Affected products include: Simplemachines Smf.