vbulletin vulnerability allows hackers to find and brute force accounts

PacMan

Tazmanian
Joined
Apr 12, 2004
Messages
4,272
Can you still officially download from the vB site 3/4 series? If so, then why don't they fix the security issues or discontinue distribution of it if it is marked EOL?

Yes to VB3/VB4, if you have an active license.
 

VICE

tool
Joined
Jun 8, 2013
Messages
2,735
I thought that's vB5 tracker?
Sorry, I'm a bit confused here, are we talking about vB4 or vB5?
 

Tracy Perry

Opinionated asshat
Joined
May 25, 2013
Messages
4,988
Yes to VB3/VB4, if you have an active license.
If they still distribute it, with known vulnerabilities not repaired, would they not have associated responsibility if those known security vulnerabilities (which they refuse to fix) are used to access the system?
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
If they still distribute it, with known vulnerabilities not repaired, would they not have associated responsibility if those known security vulnerabilities are used to access the system?

Nah they will suggest you to upgrade to vB5, as vB3 and vB4 are technically EOL.
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
It goes without saying. Also the tracker number that Joe linked to does. As it was found to be true, by not updating previous versions of a vulnerability is just bad.
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
Interesting.
Must be another tracker than the one Ziggy Stardust linked.

Please quit using your pet names for everyone. Use their forum name when referencing someone. It just makes you look immature when you do that.
 
Last edited:

VICE

tool
Joined
Jun 8, 2013
Messages
2,735
Please quit using your pet names for everyone. Toe their forum name when referencing someone. It just makes you look immature when you do that.
Can you link me to the appropriate tracker (Soltan)?
I would like to read this issue further.
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
I don't have a link because I don't know who Soltan is.
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
TBH I don't see what further reading in necessary. It was reported in 2012, and was only fixed in vB5. They know the issue is in every version of vB, but don't fix it.
 

VICE

tool
Joined
Jun 8, 2013
Messages
2,735
TBH I don't see what further reading in necessary. It was reported in 2012, and was only fixed in vB5. They know the issue is in every version of vB, but don't fix it.
I'm not a clairvoyant and I don't jump to conclusion without examining first.
I know about the tracker that push to make vB4 to support IPv6.
But I have never know a tracker about this specific issue, that's why I asked you to link me.
Could it be that this tracker has yet to be created?
 

ozzy47

Tazmanian Master
Joined
Oct 18, 2013
Messages
8,990
It does not matter. It is a issue in every version of vB. usually when there is a vulnerability reported, that is not version specific, they fix it in all current latest versions. So 3.8 and 4.2 should have had this fixed.
 
Top