• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 xenforo 1.5.8 Account Exploit

CabCon

Active member
#1
Hello,
someone contacted me via skype that he have access to some of my registered members (name+password). He said that he found a exploit on my website and I'm very confused because I'm using xenforo. Also the person said that he only can do it with accounts with a weak password, stronger passwords aren't so easy and would take a time. Also I looked in my IP log and yeah they got the access to the accounts. So are there any known exploit in version 1.5.8? I would like to know them. Also if someone from the developers want the skype conversation or access to my site, let me know.

Regards,
CabCon.
 

Brogan

XenForo moderator
Staff member
#2
There are no known exploits in 1.5.8.

It is more likely that they have gained access due to insecure passwords, or possibly an add-on.

Unless they can provide details of the exploit, it's impossible for us to comment on the actual method they have used to gain access to the accounts.
 

CabCon

Active member
#3
There are no known exploits in 1.5.8.

It is more likely that they have gained access due to insecure passwords, or possibly an add-on.

Unless they can provide details of the exploit, it's impossible for us to comment on the actual method they have used to gain access to the accounts.
Ok I can understand that, I have these addons installed:
Code:
AVForums.com - Auto Link Titles 1.0.10
******* - Monthly Top Posters Sidebar 1.0.0
CTA Table BB Code 1.1.1
Most Online User 1.2
TaigaChat Pro 1.4.3
[8wayRun.Com] XenUtiles (Staff) 1.0.1
[Nobita] Import Avatar From URL 1.0.1
[RainDD] Chrome Theme-Color Template Mod 0.1.0
[rellect] AdBlock Detector 1.7.3
[SSD] Custom Markup For Users 1.0.1
Do you know which one of these use the user id or a password which could make the exploit.
 

Claudio

Well-known member
#4
Ok I can understand that, I have these addons installed:
Code:
AVForums.com - Auto Link Titles 1.0.10
******* - Monthly Top Posters Sidebar 1.0.0
CTA Table BB Code 1.1.1
Most Online User 1.2
TaigaChat Pro 1.4.3
[8wayRun.Com] XenUtiles (Staff) 1.0.1
[Nobita] Import Avatar From URL 1.0.1
[RainDD] Chrome Theme-Color Template Mod 0.1.0
[rellect] AdBlock Detector 1.7.3
[SSD] Custom Markup For Users 1.0.1
Do you know which one of these use the user id or a password which could make the exploit.
Check ******* addon. He was banned from this forum, you won't find his addons on XenForo.com. I'd suggest you to uninstall it and change all your passwords.
 

Mike

XenForo developer
Staff member
#5
Any add-on could have vulnerabilities, so we couldn't really comment.

Issues like this are very commonly caused by password reuse. There are plenty of sites that have been compromised with password dumps. This is very common in the gaming community (and MineCraft specifically). Reusing a password from a compromised site means your account can be compromised without any other flaw on the "target" site.

Aside from not reusing passwords, we'd recommend enabling two step verification on accounts (if you care about the security of them at least; some people won't care about a simple forum account).
 

CabCon

Active member
#6
Check ******* addon. He was banned from this forum, you won't find his addons on XenForo.com. I'd suggest you to uninstall it and change all your passwords.
To be safe I will disable the plugin, thank you!

Any add-on could have vulnerabilities, so we couldn't really comment.

Issues like this are very commonly caused by password reuse. There are plenty of sites that have been compromised with password dumps. This is very common in the gaming community (and MineCraft specifically). Reusing a password from a compromised site means your account can be compromised without any other flaw on the "target" site.

Aside from not reusing passwords, we'd recommend enabling two step verification on accounts (if you care about the security of them at least; some people won't care about a simple forum account).
Ok thank you for these information, I will activate the two step verification.
 

CabCon

Active member
#9
Me and my other admin came on the idea that it could be a brute force attack. I activate the CAPTCHA after 4 login attempts. Hopefully account stealing will stop :)
 
Last edited: