greEd
11-10-01, 02:12 PM
I know my last thread about this was deleted so that the vulnerability would not be disclosed to other users; I will disclose nothing.
However, after the initial vulnerability I discovered, I followed up with a message to Philip and Ken (thank you guys for your concern about the vulnerability). After the contact with Ken and Philip I disclosed the information to vBulletin, and unfortunately the only reply was to the effect of "we don't care". This disturbed me a bit because this is a product that is bought and used by many corps.
I decided to download the evaluation version of the software and found 2 more bugs in the software, which I installed on my personal web-site, and was able to cripple it and acquire user accounts and encrypted passwords.
I don't disclose vulnerabilities I find to anyone other than companies that are vulnerable and the people responsible for the vulnerabilities.
I am currently working on finding a way around these problems in the code and will inform you guys first and foremost of the steps to secure the bb.
regards,
greEd