Not Solved [Important!] Attention users of the merge system version 1.6.1 and earlier.
#1
If you've used the MyBB Merge System v1.6.1 or earlier please download the attached file, upload it to your forum root, and run it by going to http://yourdomain.com/yourforumpath/icr.php for security purposes.

The reason for this is a potential security breach related to the "old db" password being stored in the datacache in plaintext form. Thanks goes to euantor & Malcolm for reporting this.


Attached Files
.php   icr.php (Size: 180 bytes / Downloads: 343)
#2
I removed the cache as soon as I merged. Smile
No longer involved in the MyBB project.
#3
(07-20-2011, 07:41 PM)Malcolm. Wrote: I removed the cache as soon as I merged. Smile

Not everyone will be aware to do that though Wink

This will be fixed in Merge System 1.6.2 thankfully.
#4
(07-20-2011, 07:43 PM)Dylan M. Wrote:
(07-20-2011, 07:41 PM)Malcolm. Wrote: I removed the cache as soon as I merged. Smile

Not everyone will be aware to do that though Wink

This will be fixed in Merge System 1.6.2 thankfully.

You are right, I didn't know about this.
Done now, thanks for letting us know Smile
#5
Done. Thanks for the fix Dylan. Smile
#6
(07-20-2011, 07:43 PM)Dylan M. Wrote: Not everyone will be aware to do that though

You are right... that's why I wonder if this was sent on any mailing, just like you (MyBB) do upon security advisories.

I came across this post just by coincidence. Most of us migrate a forum just once and then forget about this MyBB Merge Support subforum.

P.S. Thanks for the fix Wink
#7
It was on the blog, I don't think it was sent out via mailing list though as I don't have access to that Wink

