Security firm scrambles to respond to breach

Security vendor Comodo has fallen victim to the vBulletin vulnerability

Security vendor Comodo has fallen victim to a recently disclosed remote code execution (RCE) security vulnerability impacting vBulletin, the popular internet forum software package.

Exploit code for a zero-day flaw in vBulletin was dropped on Monday, September 23.

The PHP template injection vulnerability affected the most recent versions of the software (from 5.0.0 through 5.5.4), but not older versions, which are used by the majority of the userbase.

For those affected forums, the exploit worked pre-authorization – greatly easing the path to exploitation by doing away with the need for an attacker to have login credentials to any targeted system.

The developers of the forum software scrambled to develop a set of patches, published on Wednesday, September 25.

However, this was evidently not soon enough for some.

Comodo Forums hit by exploit

Comodo detected a breach on its vBulletin-powered forum in the early hours of Sunday morning, advising users to change their passwords as a precaution.

The security vendor's forums currently have approximately 245,000 registered users.

Comodo’s breach notice explains:

“An unknown attacker exploited the recently discovered vBulletin vulnerability and potentially gained access to the forums database.

“Our investigations are ongoing to determine what data, if any, has been accessed. User accounts on the forums contain information such as username, name, e-mail address, last IP used to access the forums and if used, potentially some social media usernames in very limited situations.”

“All user passwords in the database were stored encrypted,” the company said.

The statement adds that Comodo’s infrastructure team “immediately took steps to mitigate the exploit by taking the forums offline and applying the recommended patches” – something that only happened some days after patches to defend against the high-profile exploit were released.

Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb, last week advised users of vulnerable forums to consider suspending those services pending the availability of the appropriate security patches.

In its breach notice, Comodo said: “As members of our community of Comodo Forum users we want to reassure you that we have put in place measures to ensure that vulnerabilities in third-party software, such as vBulletin, will be patched immediately when patches become available.”

