backtop

Blog: Software Programmers Working to Fix vBulletin Flaw
Michael Barkoviak - July 23, 2010 12:33 PM
Print 6 comment(s) - last by vortex222.. on Jul 25 at 1:21 PM
A recent vBulletin vulnerability puts Web administrators at risk

The BBC has learned a major vBulletin software flaw that gives users the ability to view and access passwords administrators use to maintain the site. Specifically, security experts warn the vulnerability can lead to SQL username, SQL server, SQL password and SQL port information 

VBuletin is used today for many of the internet forums and online discussion boards people sign up and share information on. The new 3.8.6 of the forum software was released on July 13 and can be exploited even by regular PC users, the BBC learned.

"It is very worrying that they are releasing a product which has such a horrendous flaw," said Stuart Wright, AV Forums head, in an interview with BBC.  "I'm really not happy - we rely on this software for our business."

AV Forums has more than 300,000 members, but is not using the vBulletin version in question. However, Internet Brands, which develops and markets vBulletin, has informed domain owners and has told them a patch is available to fix the problem.

A vBulletin patch was promised, but it's unknown how many administrators have successfully used it.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
umm..what?
By CvP on 7/23/2010 5:06:37 PM , Rating: 5
This flaw has been confirmed, patched, patch released, official announcement was made in vB forums, notification was sent thru vB admin control panel. All under 24h since the flaw was found.

Patch was released on "Thu 22nd Jul '10".
You posted this news on 23rd Jul. wow.




RE: umm..what?
By CvP on 7/23/2010 5:08:03 PM , Rating: 2
also, without any official comment from vB/IB.


RE: umm..what?
By Etern205 on 7/24/2010 3:50:29 PM , Rating: 2
About DailyTech

quote:
DailyTech is a leading online magazine for a well-educated, tech audience. Our readers enjoy hard-hitting and up to the minute CE, PC, IT and information technology news . DailyTech’s fast-moving content also reaches out via news syndications, public portals and forums.


RE: umm..what?
By Etern205 on 7/24/2010 3:50:30 PM , Rating: 2
About DailyTech

quote:
DailyTech is a leading online magazine for a well-educated, tech audience. Our readers enjoy hard-hitting and up to the minute CE, PC, IT and information technology news . DailyTech’s fast-moving content also reaches out via news syndications, public portals and forums.


RE: umm..what?
By AnnihilatorX on 7/25/2010 8:43:32 AM , Rating: 3
Erm this isn't a news posting. This is a Blog post in the blog section.

Certainly an editor blog would not need to have as much scrutiny as a news column,


RE: umm..what?
By vortex222 on 7/25/2010 1:21:31 PM , Rating: 2
perhaps a bit more accuracy of the expression could be warranted.

"OMG A Grandmother crossed the street! She could have been run over or perhaps mugged by a thief or dog! 300,000 Grandmothers cross streets every day and its worrisome that atrocities can happen to them."

I suppose its less boring to state she crossed the street gently as the walk symbol flashed in her favour. But I hope you get my point. This posting was nothing but FUD, and although it is indeed a blog posting, it is still posted to the same page as the news on this site and should still hold some level of integrity.


"There's no chance that the iPhone is going to get any significant market share. No chance." -- Microsoft CEO Steve Ballmer











botimage
Copyright 2012 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki