OpenSUSE Forums Hacked; Another vBulletin Attack!
The Hackernews broke the news first about OpenSUSE forums being hacked. The public forums was defaced and some user credentials compromised, a Pakistani hacker named ‘H4x0r HuSsY‘ claimed responsibility for the attack.
OpenSUSE reacted quickly with this post: openSUSE forums defaced, user emails leaked, saying:
Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password.
However, some user data is stored in the local database for convenience, in the case of the forum the user email addresses. Those the hackers had access too and we’re very sorry for this data leak!
From hackernews openSUSE is still using vBulletin 4.2.1, which is vulnerable to inject rogue administrator accounts flaw.
The Pakistani Hacker confirmed to thehackernews that has uploaded a PHP shell on the forum server using his own Private vBulletin’s zero-day exploit, that allows him to browse, read or write/overwrite any file on the Forum server without root privileges.
Thanks to the administrators the forums are now back online.
Like us on Facebook
We need your assistance to stay live
This week Top Posts
- Wow! Linux Foundation To Offer Free Linux Course This Summer Worth $2,400 on EdX : Wow! Early last week it was all over the internet, if you haven't heard it yet then this is the t...0 comments |
- Grive: An Unofficial, Open Source Linux Client For Google Drive : A couple of months before, we have featured a Linux client for Google Drive named Syncdrive, which w...1 comment |
- Top Things To Do After Installing Ubuntu 13.10 'Saucy Salamander' : Ubuntu 13.10 Saucy Salamander will be released on coming October 17th with many new salient featur...0 comments |
- How To "Fix E: Could not open file /var/lib/dpkg/status" : QUESTION: I get the following error when I use sudo apt-get update: E: Could not open file /var/...0 comments |
- Install Sublime Text 3 In Fedora Easily With Fedy : Sublime Text is a sophisticated text editor for code, markup and prose. In this tutorial we are goi...0 comments |
- Install nSnake Game In Terminal : From github repo nsnake is a clone of the classic snake game that we all used to play on our cellp...0 comments |
- Install Sublime Text 3 In Fedora Easily With Fedy
- Grive: An Unofficial, Open Source Linux Client For Google Drive
- Install nSnake Game In Terminal
- How To “Fix E: Could not open file /var/lib/dpkg/status”
- Wow! Linux Foundation To Offer Free Linux Course This Summer Worth $2,400 on EdX
- Fedora 21 Scheduled For Release In October
- Install Uget Download Manager In Ubuntu, Fedora, Debian
- Download Elementary OS ‘Luna’ Official Wallpapers
- Install Power Commands 0.1.5 On Ubuntu 14.04/13.10/12.10/12.04
- 5 Android Apps that’s Going to Make Running Your Business Less Stressful
This work by unixmen.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Copyright © 2008-2013 Unixmen.com .