Go Back   vb.org Archive > Community Central > Community Lounge
  #1  
Old 01-05-2002, 10:06 PM
Fred Zed
Guest
 
Posts: n/a
Default

A user at a site that uses VB 2.2.1 claims that he was able to acess other users's PMs. He is neither a computer professional nor hacker. Apparently he was able to do this from message links sent from the Bulletin Board to his email. This user is a reliable source and I believe his story to be true.

My question is - if true how is this possible ? Could this be due to some flaw in the the way the board was set up or some other bug in Vbulletin ?

Appreciate any help/comments. I am not a geek and some of my members are really concerned about these rumours.
Reply With Quote
  #2  
Old 01-05-2002, 10:48 PM
Steve Machol's Avatar
Steve Machol Steve Machol is offline
 
Join Date: Nov 2001
Posts: 1,896
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I don't belive this is possible and I've never seen this problem proven to be true. If this source is so reliable then simply ask him how he did it.
Reply With Quote
  #3  
Old 01-05-2002, 11:07 PM
Fred Zed
Guest
 
Posts: n/a
Default

Just got an email from that user, he swears he was able read the
PMs from the links sent to his hotmail and adds:

"if the links have the password embedded in them then anyone can access them [ PMs ] which is what happened. "

As the board in affected was not mine, I will try to get more details but thanks a lot for responding.
Reply With Quote
  #4  
Old 01-05-2002, 11:33 PM
Steve Machol's Avatar
Steve Machol Steve Machol is offline
 
Join Date: Nov 2001
Posts: 1,896
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Links in vB don't have the password embedded in them. Your user is mistaken.
Reply With Quote
  #5  
Old 01-06-2002, 12:03 AM
Steve Machol's Avatar
Steve Machol Steve Machol is offline
 
Join Date: Nov 2001
Posts: 1,896
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just out of curiousity, why are you still running vB 2.0 RC3? This version is very insecure and terribly out of date.
Reply With Quote
  #6  
Old 01-06-2002, 12:19 AM
Fred Zed
Guest
 
Posts: n/a
Default

Thanks. That's the version that we were sent when we purchased the Vbulletin licence about 5 months ago. As you have probably figured out, I'm no Webmaster, just the site owner. My Webmaster didn't seem to think there was any rush to upgrade but now that you tell me this, I will ask him to upgrade to 2.2.1 asap. Thanks again.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:59 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04607 seconds
  • Memory Usage 2,186KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit_info
  • (6)postbit
  • (3)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • postbit_imicons
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete