vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   ibProArcade Archive (https://vborg.vbsupport.ru/forumdisplay.php?f=174)
-   -   Big exploit issue (can easily get admin's hash) (https://vborg.vbsupport.ru/showthread.php?t=140608)

Dominic 02-27-2007 01:40 PM
Big exploit issue (can easily get admin's hash)
 
<a href="http://www.securityfocus.com/bid/22575" target="_blank">http://www.securityfocus.com/bid/22575</a>

Big exploit issue. They can easily get admin's hash. Might want to fix this if you haven't already.

Shazz 02-27-2007 02:10 PM
2.6.0 just came out :|

Dominic 02-27-2007 02:12 PM
Well i didn't see it since it wasn't posted in this forum so i didn't bother looking.

Shazz 02-27-2007 02:18 PM
Quote:
Originally Posted by CC_Phantom (Post 1191921)
Well i didn't see it since it wasn't posted in this forum so i didn't bother looking.
He hasen't made the announcment yet -.-

heres to save the time looking

https://vborg.vbsupport.ru/showthrea...ght=iproarcade
:p

gmatrix 02-28-2007 09:22 PM
Has this actually been fixed in the new release and what is the admins hash anyways?

MrZeropage 03-01-2007 12:57 PM
This is fixed in v2.6.0+ and that is exactly the issue that is meant with "fixed security issue" in the release-history

That's why I told everybody to upgrade to v2.6.0+ so nobody has to worry :)


Quote:
Originally Posted by CC Phaontom
Well i didn't see it since it wasn't posted in this forum so i didn't bother looking.
I have my eyes everywhere ;)




btw: the hash of any passwort (admin or not) does not help about anything, as the password is "double-hashed" using a random 3-character-value between the hashes so that having the hash it still is impossible to re-calculate the real password behind it :)

nitro 03-01-2007 02:23 PM
It makes no difference how many hashes or random characters used, it only takes a vulnerability that would permit the altering of the email address field for a specific ID in the user table and theres instant escalated privelages once a password reset is made.

Alternatively an attacker can simply inject the random characters (salt) for the hash and a respective hash to the respective fields on a userid in the user table and your in when you use the new password.

Not digging at ibPro as Mr Z knows, but for others information thats how easy it is to have a vbulletin admin account compromised, it only takes one bad vulnerability somewhere, allways use additonal security like htaccess, keep all your hacks up to date and be prepared to disable or even remove files for any addons if the need should arise. Its highly unlikely your vbulletin password would be retrieved, but gaining privelaged access is a different story.

MrZeropage 03-01-2007 05:06 PM
I just explained the "They can easily get admin's hash" ;)


Anyway, this got fixed quickly and (as even told in the update-notification-mail sent to all who clicked INSTALL for ibProArcade) I recommend everybody to update to v2.6.0+


All times are GMT. The time now is 04:19 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01156 seconds
  • Memory Usage 1,725KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete