OpenSUSE Forums Hacked; Another vBulletin Attack!
The Hackernews broke the news first about OpenSUSE forums being hacked. The public forums was defaced and some user credentials compromised, a Pakistani hacker named ‘H4x0r HuSsY‘ claimed responsibility for the attack.
OpenSUSE reacted quickly with this post: openSUSE forums defaced, user emails leaked, saying:
Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password.
However, some user data is stored in the local database for convenience, in the case of the forum the user email addresses. Those the hackers had access too and we’re very sorry for this data leak!
From hackernews openSUSE is still using vBulletin 4.2.1, which is vulnerable to inject rogue administrator accounts flaw.
The Pakistani Hacker confirmed to thehackernews that has uploaded a PHP shell on the forum server using his own Private vBulletin’s zero-day exploit, that allows him to browse, read or write/overwrite any file on the Forum server without root privileges.
Thanks to the administrators the forums are now back online.