CVE-2011-0910

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

Affected Software

Name	Vendor	Start Version	End Version
Vanilla	Vanillaforums	*	2.0.17.5 (including)
Vanilla	Vanillaforums	2.0.9 (including)	2.0.9 (including)
Vanilla	Vanillaforums	2.0.10 (including)	2.0.10 (including)
Vanilla	Vanillaforums	2.0.11 (including)	2.0.11 (including)
Vanilla	Vanillaforums	2.0.12 (including)	2.0.12 (including)
Vanilla	Vanillaforums	2.0.13 (including)	2.0.13 (including)
Vanilla	Vanillaforums	2.0.14 (including)	2.0.14 (including)
Vanilla	Vanillaforums	2.0.15 (including)	2.0.15 (including)
Vanilla	Vanillaforums	2.0.16 (including)	2.0.16 (including)
Vanilla	Vanillaforums	2.0.17 (including)	2.0.17 (including)
Vanilla	Vanillaforums	2.0.17.1 (including)	2.0.17.1 (including)
Vanilla	Vanillaforums	2.0.17.2 (including)	2.0.17.2 (including)
Vanilla	Vanillaforums	2.0.17.3 (including)	2.0.17.3 (including)
Vanilla	Vanillaforums	2.0.17.4 (including)	2.0.17.4 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0910
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References