CVE-2011-1128 - OpenCVE

The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Simplemachines	Smf

Configuration 1 [-]

OR	cpe:2.3:a:simplemachines:smf::::::::
	cpe:2.3:a:simplemachines:smf:1.0:::::::*
	cpe:2.3:a:simplemachines:smf:1.0:beta4::::::
	cpe:2.3:a:simplemachines:smf:1.0:beta4.1::::::
	cpe:2.3:a:simplemachines:smf:1.0:beta5::::::
	cpe:2.3:a:simplemachines:smf:1.0:beta6::::::
	cpe:2.3:a:simplemachines:smf:1.0:rc1::::::
	cpe:2.3:a:simplemachines:smf:1.0:rc2::::::
	cpe:2.3:a:simplemachines:smf:1.0.1:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.2:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.3:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.4:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.5:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.6:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.7:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.8:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.9:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.10:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.12:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.13:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.14:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.15:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.16:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.17:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.18:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.19:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.20:::::::*
	cpe:2.3:a:simplemachines:smf:1.0.21:::::::*
	cpe:2.3:a:simplemachines:smf:1.1:::::::*
	cpe:2.3:a:simplemachines:smf:1.1:beta1::::::
	cpe:2.3:a:simplemachines:smf:1.1:beta2::::::
	cpe:2.3:a:simplemachines:smf:1.1:beta3::::::
	cpe:2.3:a:simplemachines:smf:1.1:beta4::::::
	cpe:2.3:a:simplemachines:smf:1.1:rc1::::::
	cpe:2.3:a:simplemachines:smf:1.1:rc2::::::
	cpe:2.3:a:simplemachines:smf:1.1:rc3::::::
	cpe:2.3:a:simplemachines:smf:1.1.1:::::::*
	cpe:2.3:a:simplemachines:smf:1.1.2:::::::*
	cpe:2.3:a:simplemachines:smf:1.1.3:::::::*
	cpe:2.3:a:simplemachines:smf:1.1.4:::::::*
	cpe:2.3:a:simplemachines:smf:1.1.5:::::::*
	cpe:2.3:a:simplemachines:smf:1.1.6:::::::*
	cpe:2.3:a:simplemachines:smf:1.1.7:::::::*
	cpe:2.3:a:simplemachines:smf:1.1.8:::::::*
	cpe:2.3:a:simplemachines:smf:1.1.9:::::::*
	cpe:2.3:a:simplemachines:smf:1.1.10:::::::*
	cpe:2.3:a:simplemachines:smf:1.1.11:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:simplemachines:smf:2.0:beta1::::::
	cpe:2.3:a:simplemachines:smf:2.0:beta2::::::
	cpe:2.3:a:simplemachines:smf:2.0:beta2.1::::::
	cpe:2.3:a:simplemachines:smf:2.0:beta3::::::
	cpe:2.3:a:simplemachines:smf:2.0:beta3.1::::::
	cpe:2.3:a:simplemachines:smf:2.0:beta4::::::
	cpe:2.3:a:simplemachines:smf:2.0:rc1::::::
	cpe:2.3:a:simplemachines:smf:2.0:rc2::::::
	cpe:2.3:a:simplemachines:smf:2.0:rc3::::::
	cpe:2.3:a:simplemachines:smf:2.0:rc4::::::

References

Link	Resource
http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip	Patch
http://www.openwall.com/lists/oss-security/2011/02/22/17	Patch
http://www.openwall.com/lists/oss-security/2011/03/02/4	Patch
http://www.simplemachines.org/community/index.php?topic=421547.0	Patch