CVE-2019-16759 3dflow.net forum status

    3Dflow's forum (the webpage you are reading) runs on vBulletin, a proprietary, commercial Internet forum software package which is not made or maintained by 3Dflow SRL.

    Unfortunately, two days ago (25.09.19) a vBulletin vulnerability, CVE-2019-16759, was made public.

    This vulnerability allowed attackers to disrupt services to a lot of internet websites, including 3Dflow's forum and website. The outage lasted less than 3 hours on our end, as we were able to quickly respond to the attack.

    We'd like to take a few moments for transparency to describe and assess what happened and how this impacts you.

    What happened to 3dflow.net, the forum, and its related services?

    The attacker(s) deleted all files in the webserver, making the website 3dflow.net unavailable for a brief period of time.

    Other 3dflow.net services running on separate servers, and their users, were not affected.

    Why was the 3dflow.net forum offline for an extended period of time?

    Unfortunately, vBulletin did not warn any of its customers during a window that lasted almost 24 hours, which gave attackers enough time to bring 3dflow.net down.

    Although we were very fast in responding to the attack, we felt it necessary to keep certain services (the forum and the 3dflow account area) unreachable while we investigated what else (aside from the obvious denial of service) the attackers may have done, given the potential impact of this vulnerability.

    After a thorough investigation, also supported by the support team of our hosting service, dreamhost, it seems that no other damage was done. Log analysis does not reveal any data breach. Please note that your passwords are safely stored, hashed and salted.

    The vBulletin patch was published shortly after, which allowed us to restore the service (although we kept it temporarily disabled as we did additional investigation and testing).

    How does this affect me?

    Although we are confident that there was no data breach, this vulnerability, while made public only 48 hours ago, was in the vbulletin codebase for much longer (some speculate as long as three years). There is a very small chance that in the past an attacker could have had access to this data. Unfortunately, due to GDPR laws and regulations, we cannot keep log files for that long.

    We forced a password change as a precaution to guarantee your safety. If you use this same password on other websites, we strongly suggest you change it there as well - this is a common practice (passwords should never be reused) and we suggest you also change all your passwords on other vbulletin forums you may be subscribed to.

    Please note that your purchase information (address, phone number, etc.) is not stored on this server. So, while you may have linked your forum account to your 3dflow account, the only data that could potentially have been extracted is your name, surname, email address, hashed password and license keys. Again, we have no evidence that any type of data breach happened and this is just a precaution.

    More information about the vulnerability:

    https://nvd.nist.gov/vuln/detail/CVE-2019-16759
    https://forum.vbulletin.com/forum/vb...-5-3-and-5-5-4
    https://www.zdnet.com/article/anonym...ands-of-sites/
    https://sensorstechforum.com/cve-201...etin-zero-day/

    Please remember that we are more than happy to reply to any question you may have at support@3dflow.net or in this thread!
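The post above describes checking web-server logs for signs of exploitation beyond the file deletion. The following is an added example, not 3Dflow's or vBulletin's code, of what such a log check can look like. It assumes the publicly documented shape of the CVE-2019-16759 exploit: a request to vBulletin 5's `ajax/render/widget_php` route (directly, or via the `routestring` query parameter) carrying a `widgetConfig[code]` parameter with the PHP to be evaluated. The access-log lines, IP addresses and user agents below are constructed for the example, not real traffic.

```python
"""Scan combined-format web-server access logs for the CVE-2019-16759 request
signature (vBulletin 5 ajax/render/widget_php with widgetConfig[code]).

Added example, not 3Dflow's or vBulletin's code. The log lines are constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" log format:
#   ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

WIDGET_PHP_ROUTE = "ajax/render/widget_php"


def is_widget_php_probe(path):
    """True if the request targets the widget_php route or carries widgetConfig[code].

    A GET exposes the payload in the query string; a POST (the usual exploit
    form) only shows the route, because access logs do not record the body.
    """
    parts = urlsplit(path)
    if unquote(parts.path).rstrip("/").endswith(WIDGET_PHP_ROUTE):
        return True
    # parse_qs already percent-decodes keys and values.
    routes = parse_qs(parts.query).get("routestring", [])
    if any(r.rstrip("/").endswith(WIDGET_PHP_ROUTE) for r in routes):
        return True
    # Payload parameter visible only when sent in the query string.
    return "widgetConfig[code]" in unquote(parts.query)


def find_hits(lines):
    """Return one dict per log line whose request matches the exploit shape."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:  # not a combined-format line; skip rather than guess
            continue
        if is_widget_php_probe(m["path"]):
            hits.append({
                "ip": m["ip"],
                "time": m["time"],
                "method": m["method"],
                "status": int(m["status"]),
                "path": m["path"],
            })
    return hits


# Constructed sample log: two exploit-shaped requests and two benign ones.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Sep/2019:14:03:11 +0000] "GET /index.php?routestring=ajax/render/widget_php&widgetConfig%5Bcode%5D=echo%20shell_exec(%22id%22)%3B%20exit%3B HTTP/1.1" 200 512 "-" "python-requests/2.22.0"
198.51.100.4 - - [25/Sep/2019:14:03:19 +0000] "POST /ajax/render/widget_php HTTP/1.1" 200 77 "-" "curl/7.64.0"
192.0.2.10 - - [25/Sep/2019:14:05:02 +0000] "GET /forum/3dflow-zephyr-general HTTP/1.1" 200 18302 "-" "Mozilla/5.0"
192.0.2.11 - - [25/Sep/2019:14:06:40 +0000] "POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1" 200 2201 "https://www.3dflow.net/forums/" "Mozilla/5.0"
"""


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG.splitlines()):
        print(f'{hit["time"]} {hit["ip"]} {hit["method"]} {hit["status"]} {hit["path"]}')
```

Two caveats matter when reading the result. A hit only shows that the route was requested, not that code ran; the response status and what the server did afterwards (new files, outbound connections, new admin users) decide that. And because the usual exploit is a POST, whose body is not logged, an access log with no hits does not prove the instance was never exploited, which is the same limit the post reaches when it notes that logs older than the retention period are simply gone.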