← Back

CVE-2011-0910

nvd nist
Published: Feb 8, 2011Modified: Apr 29, 2026

JSON object

Loading...
6.4
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploitability: 10.0 / Impact: 4.9
Source: NVD

Description

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

Affected (14)

Vanillaforums
1 product
Vanilla
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Vanillaforums
Vanilla
Up to 2.0.17.5
Vanilla
Version 2.0.10
Vanilla
Version 2.0.11
Vanilla
Version 2.0.12
Vanilla
Version 2.0.13
Vanilla
Version 2.0.14
Vanilla
Version 2.0.15
Vanilla
Version 2.0.16
Vanilla
Version 2.0.17.1
Vanilla
Version 2.0.17.2
Vanilla
Version 2.0.17.3
Vanilla
Version 2.0.17.4
Vanilla
Version 2.0.17
Vanilla
Version 2.0.9

References (2)

Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.