Serious vulnerability in popular forum software - vBulletin

4:15pm, 26 Sep 2019

TLP Rating: White

Serious vulnerability in popular forum software - vBulletin

A large number of internet forums use the software vBulletin. They have released a software update for a serious vulnerability that was recently discovered in their software. If you have created an account on a forum that uses vBulletin, your login details and private messages may be at risk of being exposed.

What's happening

Systems affected

Forums that use vBulletin software (version 5) that haven’t updated their software to the latest version, which was released today.

What this means

The vulnerability in the vBulletin software potentially allows attackers to access any data stored in the forums, including email addresses, passwords, and private messages.

What to look for

How to tell if you're at risk

You’re at risk if you’ve created an account on any forums that run vBulletin version 5.

What to do

Mitigation

CERT NZ recommends in order to mitigate any problems that you:

Contact your forum administrator and ask them if they’ve updated the software.
Enable two-factor authentication if it’s available.
Make sure any passwords you use are unique, so that if attackers access it they only have access to that account.
Once the software has been updated, change your password to the forum.

More information

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ External Link

For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.

We're taking a break over Christmas. We’ll close on 24 December and will reopen on 6 January 2020.

Alerts

4:15pm, 26 Sep 2019