Potential Phishing Vector

Discussion in 'vBulletin Discussions' started by News Bot, Jun 2, 2011.

  1. News Bot

    News Bot Regular Member

    We have been recently advised of an indirect, low risk phishing vector that could allow a malicious user to restructure vBulletin URL(s) in a fairly obvious attempt to trick an unsuspecting user into inputting their user account information on a site other than the original destination.

    This has been identified as a low-priority phishing vector in all versions of vBulletin, including vBulletin 3 and 4. At this time we believe that the risk to our customers is indirect and at best minimal. Accordingly, no patch is currently available or required for any and all versions of vBulletin software related to this report.

    Generic example of the Phishing Attempt:

    • User can post a fake thread inviting others to reset their passwords using the provided link.
    • User edits the link to append an incorrect “last location” to the URL, therefore redirecting traffic outside the site after the form successfully/correctly submits on the original site.
    • For example: http://www.vbulletin.com/forum/login...www.google.com
    • Instead of Google.com, in this example the user would go to a fake site where they could potentially be tricked into submitting real information.
    This vector was reported by:

    Robert Gilbert
    HALOCK Security Labs
    http://blog.halock.com


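The announcement above describes a classic open-redirect abuse of a post-login "last location" parameter. The following is an added example, not vBulletin's code or anything from the HALOCK report: it shows the weak behaviour (forward the user to whatever the request supplied) beside a hardened check that only honours a same-site path. The hostname `www.example-forum.test`, the landing page `/forum/` and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

SITE_HOST = "www.example-forum.test"   # constructed hostname standing in for the real forum host
DEFAULT_LANDING = "/forum/"            # where a login lands when no safe target was supplied


def redirect_unchecked(url: str) -> str:
    """Weak behaviour: the 'last location' from the request is used as-is.

    A crafted login link can therefore send the user off-site once the genuine
    form has been submitted, which is the vector the announcement describes.
    """
    return url or DEFAULT_LANDING


def safe_redirect_target(url: str, site_host: str = SITE_HOST) -> str:
    """Hardened behaviour: honour only a same-site path, else fall back to DEFAULT_LANDING.

    Rejected: absolute URLs to other hosts, scheme-relative //host forms, backslash
    variants that browsers treat as slashes, non-http schemes, control characters.
    """
    if not url:
        return DEFAULT_LANDING
    # Control characters and whitespace are normalised away by browsers in ways a
    # string check cannot predict, so refuse them outright.
    if any(ord(c) < 0x21 for c in url):
        return DEFAULT_LANDING
    # Browsers accept "\" where "/" is expected, so fold it before parsing.
    normalised = url.replace("\\", "/")
    # "//host", "///host" and similar are all authority-bearing relative references.
    if normalised.startswith("//"):
        return DEFAULT_LANDING
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        # An absolute URL is acceptable only when it names this site over http(s).
        # (A port or userinfo in the netloc fails the comparison, which is the safe side.)
        if parts.scheme not in ("http", "https") or parts.netloc.lower() != site_host.lower():
            return DEFAULT_LANDING
        path = parts.path or "/"
    else:
        path = parts.path
    # Require an absolute path on this site; a leading "//" would become scheme-relative again.
    if not path.startswith("/") or path.startswith("//"):
        return DEFAULT_LANDING
    # Rebuild from the parsed parts: path and query only, never scheme, host or fragment.
    return path + ("?" + parts.query if parts.query else "")


if __name__ == "__main__":
    # Constructed sample inputs, including the shape of the example from the announcement.
    for candidate in ("/forum/showthread.php?t=42", "//www.google.com", "http://www.google.com",
                      "/\\www.google.com", "javascript:alert(1)",
                      "https://www.example-forum.test/forum/"):
        print(f"{candidate!r:45} unchecked -> {redirect_unchecked(candidate)!r:40} "
              f"checked -> {safe_redirect_target(candidate)!r}")
```

The design choice is to rebuild the redirect from the parsed path and query rather than to blacklist bad prefixes: a blacklist has to anticipate every browser quirk (backslashes, extra slashes, userinfo before an `@`), whereas re-emitting only a site-local path leaves nothing for an attacker-controlled host to ride on. The same check belongs on any "return to" or "continue" parameter a login, logout or password-reset form carries.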
     
  2. Kaiser

    Kaiser Regular Member

    Hope they get this patched soon now that they just pretty much showed us how to do it..
     
  3. SpacewardAsh

    SpacewardAsh Lurking From Space

    sometimes I swear that VB are run by a load of idiots, cos although it's been identified, why are they telling people how to do it...
     
  4. Kaiser

    Kaiser Regular Member

    I know... especially when they don't have a patch out for it. Have you noticed that it just keeps getting worse for vBulletin with all the exploits, one after the other?
     
  5. SpacewardAsh

    SpacewardAsh Lurking From Space

    I know...it's crazy, you think they would at least have their software get professionally audited like phpBB3 had done before it went gold...
     
    Kaiser likes this.
  6. Kaiser

    Kaiser Regular Member

    It goes to show you how stable it really is..
     
    Ashley.S. likes this.
  7. SpacewardAsh

    SpacewardAsh Lurking From Space

    Yea, I guess it does. It makes me glad that I had to switch back to phpBB3 and not buy a new VB license.
     
    Kaiser likes this.