Jump to the post that solved this thread.
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Not Solved is mybb Hackable or can be hacked true answers
#1
Not Solved
mybb is safe but i have found a few things that users may need to patch
iv done a test using a paid vulnability scanner and got this

1.Vulnerability description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
(The impact of this vulnerability)
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

2.Vulnerability description
This server is protected by an IPS (Intrusion Prevention System), IDS (Intrusion Detection System) or an WAF (Web Application Firewall). Acunetix WVS detected this by sending various malicious payloads and detecting changes in the response code, headers and body.
(The impact of this vulnerability)
You may receive incorrect/incomplete results when scanning a server protected by an IPS/IDS/WAF. Also, if the WAF detects a number of attacks coming from the scanner, the IP address can be blocked after a few attempts.

3.Vulnerability description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
(The impact of this vulnerability)
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

that being said iv done tests on the cpanal inc bruteforcing the cpanal

result-nothing

sql injections-nothing and all rumors of this are fake

i love mybb and it is now my home sweet home

as a java script maker i hate being hacked and i will help mybb staff if i discover anything

and to all users why not make mybb ur #1 for websites

Deathaces
#2
Not Solved
All things you mention are not MyBB-related. Of course information is not encrypted when you are not using SSL but it's up to the website admin to use HTTPS. And a server level IPS/IDS/WAF is neither something MyBB can influence nor a vulnerability.
Please also note vulnerability scanners often report false-positive and can't be compared to a manual security audit.
[Image: banner.png]
#3
Not Solved
this is a vulnerability in the server but still good for mybb users to rembers and sum helpfull insights
into protcting there sites but as i said im still looking into security into website devlopment and it dosnt hurt for users to know this info kill joy
Jump to the post that solved this thread.


Forum Jump:


Users browsing this thread: 1 Guest(s)