Serious vulnerability in popular forum software - vBulletin
A large number of internet forums use the software vBulletin. They have released a software update for a serious vulnerability that was recently discovered in their software. If you have created an account on a forum that uses vBulletin, your login details and private messages may be at risk of being exposed.
Forums that use vBulletin software (version 5) that haven’t updated their software to the latest version, which was released today.
What this means
The vulnerability in the vBulletin software potentially allows attackers to access any data stored in the forums, including email addresses, passwords, and private messages.
What to look for
How to tell if you're at risk
You’re at risk if you’ve created an account on any forums that run vBulletin version 5.
What to do
CERT NZ recommends in order to mitigate any problems that you:
- Contact your forum administrator and ask them if they’ve updated the software.
- Enable two-factor authentication if it’s available.
- Make sure any passwords you use are unique, so that if attackers access it they only have access to that account.
- Once the software has been updated, change your password to the forum.