Pre Migration vBulletin Vulnerability Exposed

Discussion in 'Announcements, How do I, Feedback' started by Nathan, Jul 22, 2010.

  1. Nathan

    Nathan Founder

    Mar 30, 2009
    25,144
    10,032
    113
    Writer
    Short North
    Ratings:
    +10,049 / 0 / -0
    Some of you may have read that a recent update to vBulletin, the software that powers this site, has a serious flaw. The flaw allows anyone to easily access the main administrator username and password for a site. This would also allow hackers to access data, such as e-mail addresses, and edit the site at will.

    You can rest assured that M/A was not impacted at all. The flaw was in the latest release 3.8.6. Now I'm one that is paranoid when there is there new version and always test on a local machine before even updating the test site I use housed on the same server as the production site.

    M/A is on the 3.8.2 version, possibly the last stable version before Internet Brands started monkeying with the code base. You can always check the version by scrolling down. You will find the version information at the bottom of every page.
     
  2. lotsie

    lotsie Club Coordinator

    May 5, 2009
    3,924
    400
    83
    stagehand/part time detailer
    Right here
    Ratings:
    +400 / 0 / -0
    Internet Brands:prrr:

    Mark
     
  3. Rixter

    Rixter Well-Known Member

    Jun 14, 2009
    1,230
    79
    48
    Technology Architect
    North of the 49th
    Ratings:
    +79 / 0 / -0
    I can't tell what the 'other' site is on and whether they'd be more or less vulnerable
     
  4. Nathan

    Nathan Founder

    Mar 30, 2009
    25,144
    10,032
    113
    Writer
    Short North
    Ratings:
    +10,049 / 0 / -0
    They are on an even older version in the 3.6 range.

    I find it very odd that Internet Brands bought vBulletin, has the vast majority of their sites running it and they have not been updated to the latest version. You would think if you are creating and selling a product for forums and you run 100's of forums more than just a handful would be using the latest version of said software. I could see if the product was new, but its been out since December and is on version 4.0.5 now.

    Oh yeah, it sucks, thats why they don't use it.
     

Share This Page