2013-08-15, 11:18 AM
MyBB is safe, but I have found a few things that users may need to patch.
I've done a test using a paid vulnerability scanner and got this:
1. Vulnerability description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
(The impact of this vulnerability)
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
2. Vulnerability description
This server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or an WAF (Web Application Firewall). Acunetix WVS detected this by sending various malicious payloads and detecting changes in the response code, headers and body.
(The impact of this vulnerability)
You may receive incorrect/incomplete results when scanning a server protected by an IPS/IDS/WAF. Also, if the WAF detects a number of attacks coming from the scanner, the IP address can be blocked after a few attempts.
3. Vulnerability description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
(The impact of this vulnerability)
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
That being said, I've done tests on the cPanel, inc bruteforcing the cPanel.
Result: nothing.
SQL injections: nothing, and all rumors of this are fake.
I love MyBB and it is now my home sweet home.
As a JavaScript maker I hate being hacked, and I will help MyBB staff if I discover anything.
And to all users: why not make MyBB your #1 for websites?
Deathaces