A decade-old authentication bypass vulnerability in the phpBB discussion board software lets an attacker log in as any user, including administrators.
The flaw has no identifier yet and is trivial to exploit with a single HTTP request. It affects phpBB versions 4.0.0-a2 and 3.3.16 and below.
Researchers at application security company Aikido discovered the bug on June 2 and reported it through the developer's HackerOne vulnerability disclosure program.
phpBB responded to the report immediately and addressed the issue in version 3.3.17 of the software on June 6.
According to Aikido, the flaw was introduced into the phpBB codebase 10 years ago and affects all versions in the 3.x and 4.x release branches up to 3.3.16 and 4.0.0-a2. For 4.x releases, there are no fixes available yet.
phpBB is a free, open-source, PHP-based web forum platform that reached its peak popularity in the 2000s and early 2010s. It still powers thousands of forums around the world.
According to Aikido, no special configuration is required to exploit this bug; it works with default settings.
"This vulnerability can be exploited with default settings and requires no special knowledge," Aikido's report states.
"If you are using versions 4.0.0-a2 or 3.3.16 or lower, please upgrade immediately to master (there is no secure 4.x release yet) and 3.3.17, respectively, to avoid a breach."
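For administrators inventorying installations, the affected-version rule above reduces to an ordered comparison per release branch, with the wrinkle that a pre-release tag such as `4.0.0-a2` must sort before the final `4.0.0`. The following is an added example written for this article, not code from Aikido or the phpBB project; it assumes phpBB version strings follow the `MAJOR.MINOR.PATCH[-tagN]` shape shown in the article and that `includes/constants.php` defines `PHPBB_VERSION` with a `define()` call (the sample file contents below are constructed).

```python
import re
from typing import Optional

# Highest affected release per branch, as stated in the article.
LAST_AFFECTED = {
    3: "3.3.16",
    4: "4.0.0-a2",
}

# MAJOR.MINOR.PATCH with an optional pre-release tag like "-a2", "-b1", "-rc1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([a-z]+)(\d+))?$")

# Assumed layout of the PHPBB_VERSION define in includes/constants.php.
_DEFINE_RE = re.compile(r"define\(\s*'PHPBB_VERSION'\s*,\s*'([^']+)'\s*\)")

# Constructed sample of what the define line in includes/constants.php looks like.
SAMPLE_CONSTANTS = "<?php\n@define('PHPBB_VERSION', '3.3.16');\n"


def version_key(version: str) -> tuple:
    """Turn a phpBB version string into a sortable key.

    A pre-release (e.g. '4.0.0-a2') sorts before the final release with the same
    number; among pre-releases, the tag letters compare first ('a' < 'b' < 'rc')
    and then the tag number.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4) is None:
        pre = (1, "", 0)          # final release: sorts after any pre-release
    else:
        pre = (0, m.group(4), int(m.group(5)))
    return (major, minor, patch, pre)


def is_affected(version: str) -> Optional[bool]:
    """Classify a version against the article's statement.

    Returns True if the version is within the affected range, False if it is a
    3.x release at or above the 3.3.17 fix, and None where the article gives no
    verdict (branches other than 3.x/4.x, or 4.x builds newer than 4.0.0-a2,
    for which no fixed tagged release existed at the time of writing).
    """
    key = version_key(version)
    major = key[0]
    if major not in LAST_AFFECTED:
        return None
    if key <= version_key(LAST_AFFECTED[major]):
        return True
    return False if major == 3 else None


def version_from_constants(php_source: str) -> str:
    """Extract PHPBB_VERSION from the text of includes/constants.php (assumed layout)."""
    m = _DEFINE_RE.search(php_source)
    if not m:
        raise ValueError("PHPBB_VERSION define not found")
    return m.group(1)


if __name__ == "__main__":
    found = version_from_constants(SAMPLE_CONSTANTS)
    verdict = {True: "AFFECTED - upgrade", False: "fixed", None: "no verdict in article"}
    print(f"installed {found}: {verdict[is_affected(found)]}")
    for v in ("3.0.14", "3.3.17", "4.0.0-a1", "4.0.0-a2", "4.0.0-b1"):
        print(f"{v}: {verdict[is_affected(v)]}")
```

The `None` result for a 4.x build newer than `4.0.0-a2` is deliberate: the article says the only remedy on that branch is running from master, so a later pre-release number alone is not evidence that the fix is present.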
Administrative access could allow an attacker to view all private messages stored in the forum, create, modify, or delete content or user accounts, impersonate staff, and deface the site.
The member list on a phpBB forum is public by default, making it easy to pick targets.
Aikido points out that remote code execution (RCE) is not possible, because a separate password check protects the administrator control panel.
The researchers have withheld all technical details for now to give forum administrators enough time to apply security updates, and have even asked administrators of large phpBB-based forums to contact them so they can be alerted directly.
One thing to note is that the OAuth redirect handler has been moved to a new location, so the update may break forums that use OAuth authentication. However, this should be a simple fix in most cases.
Aikido promised to release full details of the flaw in a future report but did not provide a specific timeline.