Alerts
We highlight current cyber security threats in New Zealand, and provide guidance on what to do if they affect you.
4:15pm, 26 September 2019
TLP Rating:
Serious vulnerability in popular forum software - vBulletin
A large number of internet forums use the software vBulletin. They have released a software update for a serious vulnerability that was recently discovered in their software. If you have created an account on a forum that uses vBulletin, your login details and private messages may be at risk of being exposed.
What's happening
Systems affected
Forums that use vBulletin software (version 5) that haven’t updated their software to the latest version, which was released today.
What this means
The vulnerability in the vBulletin software potentially allows attackers to access any data stored in the forums, including email addresses, passwords, and private messages.
What to look for
How to tell if you're at risk
You’re at risk if you’ve created an account on any forums that run vBulletin version 5.
What to do
Mitigation
CERT NZ recommends in order to mitigate any problems that you:
- Contact your forum administrator and ask them if they’ve updated the software.
- Enable two-factor authentication if it’s available.
- Make sure any passwords you use are unique, so that if attackers access it they only have access to that account.
- Once the software has been updated, change your password to the forum.
More information
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
Report an incident to CERT NZ External Link
For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.