Fred Zed
05 Jan 2002, 23:06
A user at a site that uses VB 2.2.1 claims that he was able to access other users' PMs. He is neither a computer professional nor a hacker. Apparently he was able to do this from message links sent from the Bulletin Board to his email. This user is a reliable source and I believe his story to be true.

My question is: if true, how is this possible? Could this be due to some flaw in the way the board was set up or some other bug in Vbulletin?

Appreciate any help/comments. I am not a geek and some of my members are really concerned about these rumours.

Steve Machol
05 Jan 2002, 23:48
I don't believe this is possible and I've never seen this problem proven to be true. If this source is so reliable then simply ask him how he did it.

Fred Zed
06 Jan 2002, 00:07
Just got an email from that user. He swears he was able to read the PMs from the links sent to his hotmail and adds:

"if the links have the password embedded in them then anyone can access them [PMs] which is what happened."

As the board affected was not mine, I will try to get more details, but thanks a lot for responding.

Steve Machol
06 Jan 2002, 00:33
Links in vB don't have the password embedded in them. Your user is mistaken.

Steve Machol
06 Jan 2002, 01:03
Just out of curiosity, why are you still running vB 2.0 RC3? This version is very insecure and terribly out of date.

Fred Zed
06 Jan 2002, 01:19
Thanks. That's the version that we were sent when we purchased the Vbulletin licence about 5 months ago. As you have probably figured out, I'm no Webmaster, just the site owner. My Webmaster didn't seem to think there was any rush to upgrade but now that you tell me this, I will ask him to upgrade to 2.2.1 asap. Thanks again.