vb.org Archive - IMPORTANT --- Security Flaw in TapaTalk

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)

- - IMPORTANT --- Security Flaw in TapaTalk (https://vborg.vbsupport.ru/showthread.php?t=311614)

IMPORTANT --- Security Flaw in TapaTalk

If you're site is using TapaTalk, update now! There was a security flaw found in TapaTalk and they decided NOT to inform anyone or advise anyone to update their files.

I did not find out until today, when I just happen to scroll over and found a post about it.

They even publicly admit to patching it silently, but NOT issuing a release or any notice telling people they should replace their files (because they did not even bother changing the version number either). :eek:

So I can only imagine how many sites are using the other copy without knowing they have a problem. This is completely irresponsible. :mad:

Quote:

Originally Posted by TapaTalk

Hi,

This issue has been addressed in April 26th, 9 days before this site published the issue. However, since this is a low risk item - we have simply replaced all the plugins that are affected. If this is concerning you and If you have updated the plugin after April 26th, you are not affected.

Source: https://support.tapatalk.com/threads...9/#post-131407

attached screenshot to confirm

Just another reason I am glad I do not use their plugin.

There are updates for that plug in every couple weeks. It is very simple to update normally but it gets irritating especially when most of the updates offer no features or anything.

I use tapatalk and I haven't had any problems with it ... I actually check quite frequently to see if the file versions have changed...I did notice the version of the file change when this happened and I updated ..I didn't know why it changed but I updated right away ....

It's not just the responsibility of tapatalk to let us know when something like this happens ...they deemed it was not necessary to put out a notice about this but I noticed it so I updated ...

We have to be careful ourselves and also make sure that we monitor what plugins we use and not always rely on these 3rd parties to notify us of threats ...sometimes "we" have to do our part ....

Quote:

Originally Posted by CAG CheechDogg (Post 2499202)

Very true. I have not had any issues with it either and have had it on sites for years. I see so many emails though from Tapatalk I often ignore them and just check the site every so often for an update.

I would love to use the paid version but I just cannot see spending another monthly fee on it right now.

One thing I have never figured out though is how to get sites listed higher up with in their search engine. One of my sites has had Tapatalk since it came out and it is still not very high up. I think maybe the premium users get listed higher.

Good warning though..I would not have updated this quickly had I not read this thread.

Quote:

Originally Posted by RichieBoy67 (Post 2499207)

And Richie that is also a problem, a lot of people don't actually check their emails like you just said, you ignore them and some even use emails that they don't even have active anymore and these important updates go unnoticed quite often.

I don't use the paid version and I don't see a need to either. I didn't even know there was a list within their search of the sites ! lol ...Most of the traffic now that comes to my forums is through tapatalk and I easily have over 200-300 posts per day on my forums. They just love tapatalk because they can stay updated and post where ever they go.

And yes good warning, I actually checked to see if the file version had changed and it was still the same so im good to go.....

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (7)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01077 seconds Memory Usage 1,732KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (7)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: