Password Security in 2.3.2


  • Password Security in 2.3.2

    Hi there, Gang,

    Recently, a user on our forums (running on vBulletin 2.3.2) had her password used by another disruptive user; he claimed that he had "hacked" into the membership database and derived it. While I saw no evidence of hacking in our system, the password did, in fact, match her password - so, somehow, he divined it.

    Can someone tell me what steps I should take to make sure it is impossible for individuals to break into the system to determine passwords? (Since they're encrypted in MySQL, I'm guessing that this is pretty much impossible, isn't it, and the person just guessed it?) It was a fairly complicated password (a bunch of letters, though, no numbers). Would using a password cracker have done this?

    Thanks for your help. I'm basically trying to reassure my members that our security is safe, and their passwords are indeed secure.

    Kaelon

  • #2
    it will be 100% impossible for them to just break into it.

    if he could have gotten her cookie then he could have maybe done it, but it's no simple task



    • #3
      Originally posted by Faranth
      it will be 100% impossible for them to just break into it.

      if he could have gotten her cookie then he could have maybe done it, but it's no simple task
      Thanks! I thought this was pretty much the case.



      • #4
        Upgrade to 2.3.4:

        http://www.vbulletin.com/forum/showthread.php?t=91409
        Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
        Change CKEditor Colors to Match Style (for 4.1.4 and above)

        Steve Machol Photography


        Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.




        • #5
          Originally posted by Steve Machol
          Steve - are there known password issues with 2.3.2?



          • #6
            I don't know the specifics of the security issue. Nonetheless there is an issue with the version you are running and you should upgrade to 2.3.4.
            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)


            • #7
              Thanks very much. I've patched the calendar.php to fix the security hole.
