The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2011-06-20 19:52
Updated : 2011-06-28 21:00
NVD link : CVE-2011-1128
Mitre link : CVE-2011-1128
JSON object : View
CWE
CWE-310
Cryptographic Issues
Products Affected
simplemachines
- smf