CVE-2008-6971 | Vulnerability Database

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-6971
CWE	https://cwe.mitre.org/data/definitions/255.html

The password reset functionality in Simple Machines Forum (SMF) 1.0.x before 1.0.14, 1.1.x before 1.1.6, and 2.0 before 2.0 beta 4 includes clues about the random number generator state within a hidden form field and generates predictable validation codes, which allows remote attackers to modify passwords of other users and gain privileges.

Affected Software

Name	Vendor	Start Version	End Version
Smf	Simplemachines	1.0.12 (including)	1.0.12 (including)
Smf	Simplemachines	1.0.13 (including)	1.0.13 (including)
Smf	Simplemachines	1.1.4 (including)	1.1.4 (including)
Smf	Simplemachines	1.1.5 (including)	1.1.5 (including)
Smf	Simplemachines	2.0-rc1.2 (including)	2.0-rc1.2 (including)
Smf	Simplemachines	2.0-beta2 (including)	2.0-beta2 (including)
Smf	Simplemachines	2.0-beta3 (including)	2.0-beta3 (including)

References

http://osvdb.org/47945
http://secunia.com/advisories/31750
http://www.securityfocus.com/bid/31053
http://www.simplemachines.org/community/index.php?topic=260145.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/44931
https://www.exploit-db.com/exploits/6392