Attackers used vBulletin vulnerability to hack Comodo forums

Attackers used the vulnerability in vBulletin to hack Comodo forums: 245,000 users were affected.

Last week, an exploit for the 0-day vulnerability CVE-2019-16759 in the vBulletin forum engine was published online. The bug allows an attacker to execute shell commands on a vulnerable server.

Moreover, an attacker only needs to send a simple HTTP POST request and does not need an account on the target forum. In other words, the problem belongs to the unpleasant class of pre-authentication vulnerabilities.

Information security experts have already noticed that attackers quickly adopted the bug. Although the developers of vBulletin fixed the problem last week, not all users have upgraded yet.

Read also: Botnets actively exploit vBulletin critical vulnerability discovered last week

The first major victim of this vulnerability is now known: Comodo announced the compromise of its forums. The breach occurred on September 29, 2019 (almost four days after the release of the patch), and attackers were able to access information on 245,000 users.

“An unknown attacker exploited the recently discovered vBulletin vulnerability and potentially gained access to the forums database. User accounts on the forums contain information such as username, name, e-mail address, last IP used to access the forums and if used, potentially some social media usernames in very limited situations. All user passwords in the database were stored encrypted. Comodo forums currently have approximately 245,000 registered users,” Comodo said in its report.

It seems that the breach affected the ITarian forum, which runs vBulletin, while the other forum, which runs Simple Machines Forum, was not affected. However, representatives of Comodo write that hackers could have infiltrated both forums, as both “are in the same segment of the company’s infrastructure.” One theory is that criminals hacked into ITarian, then used stolen credentials to infiltrate other company forums.

As a result of the breach, third parties could have obtained logins, email addresses, names, hashed passwords, last used IP addresses, and in some cases information about user accounts on social networks.

Bleeping Computer notes that a database containing the data of 170,000 users of the Comodo forums was put up for sale on the black market, with passwords protected by unreliable MD5 hashing. The seller of the database claims that the data was obtained on September 29th.

Registration on the affected forums is temporarily disabled. Comodo representatives have apologized to users and say that all security problems have now been eliminated.

What should forum users do? (Recommendations from Comodo)

As a precautionary measure we recommend that forum users should immediately change their passwords and exercise good password practices such as strong random passwords and not share your passwords across different Internet accounts. The account passwords were encrypted in vBulletin for the Comodo Forum users, but a password change is recommended as part of good password practices.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting my master's degree in cybersecurity, I started working as a virus analyst at a little anti-malware vendor. In 2018, I decided to start the Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.
