Announcement

Collapse
No announcement yet.

Active license required for security fix files for "CSRF attacks via the Moderator Control Panel"?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Active license required for security fix files for "CSRF attacks via the Moderator Control Panel"?

    Hello,
    Are fix files available for the recently disclosed "CSRF attacks via the Moderator Control Panel" vulnerability?
    I didn't renew my license because I have no interest in vB4 or vB5. Consequently, I don't have access to the member downloads section of the site. For the last security issue, vB provided fix files so we could manually apply fixes.

  • #2
    Your license is a vB4 license so you should have access to this.
    MARK.B | vBULLETIN SUPPORT

    TalkNewsUK - My vBulletin 5.5.4 Demo
    AdminAmmo - My Cloud Demo

    Comment


    • #3
      Sorry to tag along on this thread, but can we copy one set of patched files to multiple installations or will the license number embedded in the header mess us up? We have 50+ installs to patch this morning.

      Comment


      • #4
        You should use the correct files for the correct installation, otherwise you will run into difficulties.
        MARK.B | vBULLETIN SUPPORT

        TalkNewsUK - My vBulletin 5.5.4 Demo
        AdminAmmo - My Cloud Demo

        Comment


        • #5
          Thanks for the quick reply, Mark.B. I get the following error when trying to login: Invalid login or password.

          Comment


          • #6
            Originally posted by kcsr View Post
            Thanks for the quick reply, Mark.B. I get the following error when trying to login: Invalid login or password.
            You should use the links on the page to recover your password. If that doesn't work then email [email protected].
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud customization and demonstration site.
            vBulletin 5 Documentation - Updated every Friday. Report issues here.
            vBulletin 5 API - Full / Mobile
            I am not currently available for vB Messenger Chats.

            Comment


            • #7
              Originally posted by wacnstac View Post
              Sorry to tag along on this thread, but can we copy one set of patched files to multiple installations or will the license number embedded in the header mess us up? We have 50+ installs to patch this morning.
              Are you just talking about the latest modcp patch ?

              The licence number in the header of the file wont have any effect, its just a comment.
              Baby, I was born this way

              Comment


              • #8
                Thanks for the help, Mark, Wayne, and Paul. Got it sorted out.

                edit: Upgrade completed successfully. Thanks for the security fix!
                Last edited by kcsr; Tue 13th Jan '15, 11:26pm.

                Comment


                • #9
                  I need to tag onto this post also. I do not seem to have access to this latest patch. I have been running 4.0.7 Patch Level 7 for a long time and that is the only thing I have access to. Any help much appreciated.

                  Comment

                  widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                  Working...
                  X