VYPR
Unrated severityNVD Advisory· Published Feb 8, 2011· Updated Jun 16, 2026

CVE-2011-0910

CVE-2011-0910

Description

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.

Affected products

15
  • Lussumo/Vanilla14 versions
    cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*range: <=2.0.17.5
    • cpe:2.3:a:vanillaforums:vanilla:2.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.17.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.17.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.17.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.17.4:*:*:*:*:*:*:*
    • cpe:2.3:a:vanillaforums:vanilla:2.0.9:*:*:*:*:*:*:*
  • Range: <2.0.17.6

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.