XF 1.5 xenforo 1.5.8 Account Exploit

CabCon

CabCon

Active member
Hello,
someone contacted me via skype that he have access to some of my registered members (name+password). He said that he found a exploit on my website and I'm very confused because I'm using xenforo. Also the person said that he only can do it with accounts with a weak password, stronger passwords aren't so easy and would take a time. Also I looked in my IP log and yeah they got the access to the accounts. So are there any known exploit in version 1.5.8? I would like to know them. Also if someone from the developers want the skype conversation or access to my site, let me know.

Regards,
CabCon.
 
Sort by date Sort by votes
There are no known exploits in 1.5.8.

It is more likely that they have gained access due to insecure passwords, or possibly an add-on.

Unless they can provide details of the exploit, it's impossible for us to comment on the actual method they have used to gain access to the accounts.
 
Upvote 0 Downvote
Brogan said:
There are no known exploits in 1.5.8.

It is more likely that they have gained access due to insecure passwords, or possibly an add-on.

Unless they can provide details of the exploit, it's impossible for us to comment on the actual method they have used to gain access to the accounts.
Click to expand...
Ok I can understand that, I have these addons installed:
Code: 
AVForums.com - Auto Link Titles 1.0.10
******* - Monthly Top Posters Sidebar 1.0.0
CTA Table BB Code 1.1.1
Most Online User 1.2
TaigaChat Pro 1.4.3
[8wayRun.Com] XenUtiles (Staff) 1.0.1
[Nobita] Import Avatar From URL 1.0.1
[RainDD] Chrome Theme-Color Template Mod 0.1.0
[rellect] AdBlock Detector 1.7.3
[SSD] Custom Markup For Users 1.0.1

Do you know which one of these use the user id or a password which could make the exploit.
 
Upvote 0 Downvote
CabCon said:
Ok I can understand that, I have these addons installed:
Code: 
AVForums.com - Auto Link Titles 1.0.10
******* - Monthly Top Posters Sidebar 1.0.0
CTA Table BB Code 1.1.1
Most Online User 1.2
TaigaChat Pro 1.4.3
[8wayRun.Com] XenUtiles (Staff) 1.0.1
[Nobita] Import Avatar From URL 1.0.1
[RainDD] Chrome Theme-Color Template Mod 0.1.0
[rellect] AdBlock Detector 1.7.3
[SSD] Custom Markup For Users 1.0.1

Do you know which one of these use the user id or a password which could make the exploit.
Click to expand...
Check ******* addon. He was banned from this forum, you won't find his addons on XenForo.com. I'd suggest you to uninstall it and change all your passwords.
 
Upvote 0 Downvote
Any add-on could have vulnerabilities, so we couldn't really comment.

Issues like this are very commonly caused by password reuse. There are plenty of sites that have been compromised with password dumps. This is very common in the gaming community (and MineCraft specifically). Reusing a password from a compromised site means your account can be compromised without any other flaw on the "target" site.

Aside from not reusing passwords, we'd recommend enabling two step verification on accounts (if you care about the security of them at least; some people won't care about a simple forum account).
 
Upvote 0 Downvote
Claudio said:
Check ******* addon. He was banned from this forum, you won't find his addons on XenForo.com. I'd suggest you to uninstall it and change all your passwords.
Click to expand...
To be safe I will disable the plugin, thank you!

Mike said:
Any add-on could have vulnerabilities, so we couldn't really comment.

Issues like this are very commonly caused by password reuse. There are plenty of sites that have been compromised with password dumps. This is very common in the gaming community (and MineCraft specifically). Reusing a password from a compromised site means your account can be compromised without any other flaw on the "target" site.

Aside from not reusing passwords, we'd recommend enabling two step verification on accounts (if you care about the security of them at least; some people won't care about a simple forum account).
Click to expand...
Ok thank you for these information, I will activate the two step verification.
 
Upvote 0 Downvote
Me and my other admin came on the idea that it could be a brute force attack. I activate the CAPTCHA after 4 login attempts. Hopefully account stealing will stop :)
 
Last edited:
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

TimWilson
Identifying ACTUAL inactive accounts, and requiring 2FA
Replies
4
Views
402
woody
woody
J
  • Question Question
Upgrade from Xenforo 1.5.8. to 2.2.8
Replies
13
Views
2K
James_Husum
J
otto
  • Question Question
XF 1.5 Xenforo 1.5.22 (.21 also) does not save bigger user account profiles in ACP or front end
Replies
10
Views
1K
otto
otto
malbersado
  • Question Question
XF 1.5 After update xenforo 1.5.8 no new user can register at the web
Replies
2
Views
684
Luis
L
Britney
  • Question Question
XF 1.5 (SOLVED) Importing an SMF 2.0.11 forum to Xenforo 1.5.8
Replies
2
Views
1K
Britney
Britney
Top Bottom