CVE-2011-0910 | Vulnerability Database | Aqua Security

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

Affected Software

Name	Vendor	Start Version	End Version
Vanilla	Vanillaforums	*	2.0.17.5 (including)
Vanilla	Vanillaforums	2.0.9 (including)	2.0.9 (including)
Vanilla	Vanillaforums	2.0.10 (including)	2.0.10 (including)
Vanilla	Vanillaforums	2.0.11 (including)	2.0.11 (including)
Vanilla	Vanillaforums	2.0.12 (including)	2.0.12 (including)
Vanilla	Vanillaforums	2.0.13 (including)	2.0.13 (including)
Vanilla	Vanillaforums	2.0.14 (including)	2.0.14 (including)
Vanilla	Vanillaforums	2.0.15 (including)	2.0.15 (including)
Vanilla	Vanillaforums	2.0.16 (including)	2.0.16 (including)
Vanilla	Vanillaforums	2.0.17 (including)	2.0.17 (including)
Vanilla	Vanillaforums	2.0.17.1 (including)	2.0.17.1 (including)
Vanilla	Vanillaforums	2.0.17.2 (including)	2.0.17.2 (including)
Vanilla	Vanillaforums	2.0.17.3 (including)	2.0.17.3 (including)
Vanilla	Vanillaforums	2.0.17.4 (including)	2.0.17.4 (including)

References

http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0910
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html