CVE-2019-16759 0day bypass forum status

    3Dflow's forum (the webpage you are reading) runs on vBulletin, a proprietary, commercial Internet forum software package that is not made or maintained by 3Dflow SRL.

    Unfortunately, yesterday (10.08.20) a bypass of the vBulletin patch for CVE-2019-16759 was released.

    This vulnerability allowed attackers to disrupt a large number of Internet websites, including 3Dflow's forum and website. The outage unfortunately lasted a few hours.

    We'd like to take a few moments for transparency to describe and assess what happened and how this impacts you.

    What happened to the forum and its related services?

    The attacker(s) deleted all files on the webserver, making the website unavailable for a brief period of time.

    Other services running on separate servers, and their users, were not affected.

    Why was the forum offline for an extended period of time?

    Unfortunately, it seems that the 0day was discovered and published without first alerting vBulletin and giving them time to prepare a patch. vBulletin did not announce a possible workaround and waited to publish the patch (which was published last night), and that gave attackers enough time to bring the forum down.

    We felt it necessary to keep certain services (forum and 3Dflow account area) unreachable while we investigated what else (aside from the obvious denial of service) attackers may have done, given the potential impact of this vulnerability.

    Log analysis does not reveal any data breach at this moment, although an investigation is ongoing together with our server host provider. Please note that your passwords are safely stored, hashed and salted; however, we suggest that you change your password.

    Please note 3Dflow staff will never ask you for your password.

    The vBulletin patch was published shortly after, which allowed us to restore the service (although we kept it temporarily disabled while we did additional investigation and testing).

    How does this affect me?

    This is a bypass of a patch that was published around one year ago (September 2019). There is a chance that in the past an attacker could have used this to access the data, and unfortunately, due to GDPR laws and regulations, we cannot keep log files for that long, so we cannot be 100% sure that there have been no additional attacks.

    We forced a password change as a precaution to guarantee your safety. If you use this same password on other websites, we strongly suggest you change it there as well; this is common practice (passwords should never be reused), and we suggest you also change your passwords on any other vBulletin forums you may be subscribed to.

    Please note that your purchase information (address, phone number, etc.) is not stored on this server, so while you may have linked your forum account to your 3Dflow account, the only data that could potentially have been extracted are name, surname, email address, hashed password, metadata (e.g. login logs to your 3Dflow account from connected services) and license keys. Although this is a precaution, please change your password as soon as possible.

    More information about the vulnerability:

    Please remember that we are more than happy to reply to any question you may have at or in this thread!