CVE-2007-3308
Published 2007-06-21
Priority P428 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.40% (69.1th percentile)
Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simple_machines | simple_machines_forum | — | — |
| simple_machines | smf | — | — |
GHSA
GHSA-567g-v7mv-p82f: Simple Machines Forum (SMF) 1
ghsa_unreviewed · 2022-05-01
CVE-2007-3308 [HIGH]
GHSA
GHSA-g6xp-5gpp-gjqv: Simple Machines Forum (SMF), probably 1
ghsa_unreviewed · 2022-05-01 · CVSS 7.5
CVE-2008-2019 [HIGH]
Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308.
http://osvdb.org/40617
http://securitytracker.com/id?1018260
http://securityvulns.ru/Rdocument271.html
http://www.securityfocus.com/archive/1/471641/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/34907