[ISN] Firm scrambles to patch vBulletin software flaw

From: InfoSec News <alerts_at_private>
Date: Fri, 23 Jul 2010 04:10:13 -0500 (CDT)
http://www.bbc.co.uk/news/technology-10714192

By Jonathan Fildes  
Technology reporter
BBC News  
22 July 2010

A serious flaw in software widely used to power online discussion sites 
could allow hackers to harvest reams of personal data, the BBC has 
learned.

The flaw in a specific version of the vBulletin software allows anyone 
to easily access the main administrator username and password for a 
site.

This would also allow hackers to access data, such as e-mail addresses, 
and edit the site at will.

The owner of the program - Internet Brands - released a fix on 21 July.

However, at time of writing, many sites remain vulnerable.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Fri Jul 23 2010 - 02:10:13 PDT

This archive was generated by hypermail 2.2.0 : Fri Jul 23 2010 - 02:23:32 PDT