[Fred Zed]

A user at a site that uses VB 2.2.1 claims that he was able to acess other users's PMs. He is neither a computer professional nor hacker. Apparently he was able to do this from message links sent from the Bulletin Board to his email. This user is a reliable source and I believe his story to be true.

My question is - if true how is this possible ? Could this be due to some flaw in the the way the board was set up or some other bug in Vbulletin ?

Appreciate any help/comments. I am not a geek and some of my members are really concerned about these rumours.

[Steve Machol]

I don't belive this is possible and I've never seen this problem proven to be true. If this source is so reliable then simply ask him how he did it.

[Fred Zed]

Just got an email from that user, he swears he was able read the
PMs from the links sent to his hotmail and adds:

"if the links have the password embedded in them then anyone can access them [ PMs ] which is what happened. "

As the board in affected was not mine, I will try to get more details but thanks a lot for responding.

[Steve Machol]

Links in vB don't have the password embedded in them. Your user is mistaken.

[Steve Machol]

Just out of curiousity, why are you still running vB 2.0 RC3? This version is very insecure and terribly out of date.

[Fred Zed]

Thanks. That's the version that we were sent when we purchased the Vbulletin licence about 5 months ago. As you have probably figured out, I'm no Webmaster, just the site owner. My Webmaster didn't seem to think there was any rush to upgrade but now that you tell me this, I will ask him to upgrade to 2.2.1 asap. Thanks again.