CVE-2019-16759 3dflow.net forum status

  • 3Dflow
    Administrator
    • Jun 2017
    • 18

    3Dflow's forum (the webpage you are reading) is running using vBulletin, a proprietary, commercial, Internet forum software package which is not made or maintained by 3Dflow SRL.

    Unfortunately, 2 days ago (25.09.19) a vBulletin vulnerability was made public, CVE-2019-16759.

    This vulnerability allowed attackers to disrupt services to a lot of internet websites, including 3Dflow's forum and website. The outage lasted less than 3 hours on our end, as we were able to quickly respond to the attack.

    We'd like to take a few moments for transparency to describe and assess what happened and how this impacts you.

    What happened to 3dflow.net, the forum, and its related services?

    The attacker(s) deleted all files in the webserver, making the website 3dflow.net unavailable for a brief period of time.

    Different 3dflow.net services running on separate servers and users were not affected.

    Why was the 3dflow.net forum offline for an extended period of time?

    Unfortunately, vBulletin did not warn any of its customers during a window that lasted almost 24h and that gave attackers enough time to bring 3dflow.net down.

    Although we were very fast in responding to the attack, we felt it necessary to keep certain services (forum and 3dflow account area) unreachable as we investigated what else (aside from the obvious denial of service) attackers may have done given the potential impact of this vulnerability.

    After a thorough investigation - backed up also by the support team of our hosting service, DreamHost - it seems that no other damage was done. Log analysis does not reveal any data breach. Please note that your passwords are safely stored, hashed and salted.

    The vBulletin patch was published shortly after, which allowed us to restore the service (although we kept it temporarily disabled as we did additional investigation and testing).

    How does this affect me?

    Although we are confident that there was no data breach, this vulnerability, while made public only 48 hours ago, was in the vBulletin codebase for much longer (speculations say even three years). There is a very small chance that in the past an attacker could have had access to this data. Unfortunately, due to GDPR laws and regulations, we cannot keep log files for that long.

    We forced a password change as a precaution to guarantee your safety. If you use this same password on other websites, we strongly suggest you change it there as well - this is a common practice (passwords should never be reused) and we suggest you also change all your passwords on other vBulletin forums you may be subscribed to.

    Please note that your purchase information (address, phone number, etc.) is not stored on this server - so while you may have linked your forum account to your 3dflow account, the only potential data that could have been extracted are name, surname, email address, hashed password and license keys. Again, we have no evidence that any type of data breach happened and this is just a precaution.

    More information about the vulnerability:


    A security issue has been reported to the vBulletin team. To fix this issue, we have created a new security patch. You can download the patch for your version in the Member's Area (http://members.vbulletin.com/patches.php). We have made patches


    A new zero-day vulnerability, CVE-2019-16759, was just unearthed in vBulletin, a proprietary Internet forum software package.


    Please remember that we are more than happy to reply to any question you may have at support@3dflow.net or in this thread!