
XF 1.5 xenforo 1.5.8 Account Exploit

Discussion in 'Troubleshooting and Problems' started by CabCon, Jun 9, 2016.

  1. CabCon

    CabCon Active Member

    Someone contacted me via Skype saying that he has access to some of my registered members (name + password). He said that he found an exploit on my website and I'm very confused because I'm using XenForo. Also, the person said that he can only do it with accounts with a weak password; stronger passwords aren't so easy and would take time. Also I looked in my IP log and yeah, they got access to the accounts. So are there any known exploits in version 1.5.8? I would like to know them. Also, if someone from the developers wants the Skype conversation or access to my site, let me know.

  2. Brogan

    Brogan XenForo Moderator Staff Member

    There are no known exploits in 1.5.8.

    It is more likely that they have gained access due to insecure passwords, or possibly an add-on.

    Unless they can provide details of the exploit, it's impossible for us to comment on the actual method they have used to gain access to the accounts.
  3. CabCon

    CabCon Active Member

    OK, I can understand that. I have these add-ons installed:
    AVForums.com - Auto Link Titles 1.0.10
    ******* - Monthly Top Posters Sidebar 1.0.0
    CTA Table BB Code 1.1.1
    Most Online User 1.2
    TaigaChat Pro 1.4.3
    [8wayRun.Com] XenUtiles (Staff) 1.0.1
    [Nobita] Import Avatar From URL 1.0.1
    [RainDD] Chrome Theme-Color Template Mod 0.1.0
    [rellect] AdBlock Detector 1.7.3
    [SSD] Custom Markup For Users 1.0.1
    Do you know which one of these uses the user ID or a password which could make the exploit possible?
  4. Claudio

    Claudio Well-Known Member

    Check the ******* add-on. He was banned from this forum; you won't find his add-ons on XenForo.com. I'd suggest you uninstall it and change all your passwords.
  5. Mike

    Mike XenForo Developer Staff Member

    Any add-on could have vulnerabilities, so we couldn't really comment.

    Issues like this are very commonly caused by password reuse. There are plenty of sites that have been compromised with password dumps. This is very common in the gaming community (and MineCraft specifically). Reusing a password from a compromised site means your account can be compromised without any other flaw on the "target" site.

    Aside from not reusing passwords, we'd recommend enabling two step verification on accounts (if you care about the security of them at least; some people won't care about a simple forum account).
  6. CabCon

    CabCon Active Member

    To be safe I will disable the plugin. Thank you!

    OK, thank you for this information. I will activate the two-step verification.
  7. Claudio

    Claudio Well-Known Member

  8. CabCon

    CabCon Active Member

  9. CabCon

    CabCon Active Member

    My other admin and I came up with the idea that it could be a brute-force attack. I activated the CAPTCHA after 4 login attempts. Hopefully account stealing will stop :)
    Last edited: Jun 12, 2016
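The two defensive ideas in this thread, Mike's point that password reuse lets an attacker log in without any flaw on the target site, and the "CAPTCHA after 4 login attempts" setting CabCon settles on, can both be checked against an IP log. The following is an added Python example, not XenForo's own code and not anything posted in the thread: it parses constructed login-log lines (the line format, addresses and usernames are made up for the example), flags source IPs whose failure count or account spread inside a time window looks like brute force or credential stuffing, lists the accounts that logged in successfully from such an IP (the ones an admin would force a password reset on), and replays the same log through a throttle that demands a CAPTCHA once an account or an IP has accumulated four failures. The thresholds and window lengths are assumptions, not XenForo defaults.

```python
"""Added example (not XenForo code): spot brute-force / credential-stuffing
patterns in login logs and model a CAPTCHA-after-N-failures policy."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <ip> <username> <OK|FAIL>" per line.
SAMPLE_LOG = """\
2016-06-10T20:00:01 203.0.113.7 alice FAIL
2016-06-10T20:00:02 203.0.113.7 alice FAIL
2016-06-10T20:00:03 203.0.113.7 alice FAIL
2016-06-10T20:00:04 203.0.113.7 alice FAIL
2016-06-10T20:00:05 203.0.113.7 alice OK
2016-06-10T20:00:06 203.0.113.7 bob FAIL
2016-06-10T20:00:07 203.0.113.7 carol FAIL
2016-06-10T20:00:08 203.0.113.7 dave OK
2016-06-10T20:01:00 198.51.100.9 erin FAIL
2016-06-10T20:05:00 198.51.100.9 erin OK
"""


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_log(text):
    """Parse the constructed log format into LoginEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append(LoginEvent(datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def find_suspicious_ips(events, window=timedelta(minutes=10),
                        fail_threshold=4, account_threshold=3):
    """Return {ip: {"reasons": [...], "accounts_logged_in": [...]}} for source IPs
    that, inside any sliding window, produced >= fail_threshold failures (brute
    force) or touched >= account_threshold distinct accounts (credential stuffing).
    accounts_logged_in lists accounts that authenticated OK from a flagged IP."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        reasons = set()
        for i, first in enumerate(evs):
            win = [e for e in evs[i:] if e.ts - first.ts <= window]
            if sum(not e.ok for e in win) >= fail_threshold:
                reasons.add("brute-force")
            if len({e.user for e in win}) >= account_threshold:
                reasons.add("credential-stuffing")
        if reasons:
            findings[ip] = {"reasons": sorted(reasons),
                            "accounts_logged_in": sorted({e.user for e in evs if e.ok})}
    return findings


@dataclass
class LoginThrottle:
    """Require a CAPTCHA once an account OR an IP has max_failures failed logins
    inside `window` (assumed policy modelled on 'CAPTCHA after 4 attempts')."""
    max_failures: int = 4
    window: timedelta = timedelta(minutes=15)
    _failures: dict = field(default_factory=lambda: defaultdict(list))

    def _recent(self, key, now):
        # Drop failures older than the window and return the live list.
        self._failures[key] = [t for t in self._failures[key] if now - t <= self.window]
        return self._failures[key]

    def record_failure(self, user, ip, now):
        for key in (("user", user), ("ip", ip)):
            self._recent(key, now).append(now)

    def record_success(self, user, ip, now):
        # A good login resets the account counter; the IP counter is kept so a
        # stuffing run from one address stays challenged for other accounts.
        self._failures.pop(("user", user), None)

    def requires_captcha(self, user, ip, now):
        return any(len(self._recent(key, now)) >= self.max_failures
                   for key in (("user", user), ("ip", ip)))


def replay(events, throttle):
    """Feed events through the throttle in time order; return the (user, ip)
    attempts that would have been met with a CAPTCHA under the policy."""
    challenged = []
    for e in sorted(events, key=lambda e: e.ts):
        if throttle.requires_captcha(e.user, e.ip, e.ts):
            challenged.append((e.user, e.ip))
        if e.ok:
            throttle.record_success(e.user, e.ip, e.ts)
        else:
            throttle.record_failure(e.user, e.ip, e.ts)
    return challenged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(find_suspicious_ips(evs))
    print(replay(evs, LoginThrottle()))
```

On the constructed log the single address 203.0.113.7 is flagged for both patterns, and two of its successful logins (alice, dave) are exactly the ones to treat as compromised and reset; the replay shows that a per-IP counter would have put a CAPTCHA in front of those same logins, which a per-account counter alone would not, since each victim account had seen fewer than four failures.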
