OpenSUSE forums defaced via unknown vBulletin 0-day

The official forums of the openSUSE Linux distribution have been hacked and defaced by a Pakistani hacker that goes by the handle “H4x0r HuSsY.”

According to THN, the hacker has defaced the site and downloaded a database containing information about nearly 80,000 forum users, and did so by using a private vBulletin zero-day exploit that allowed him to browse, read or write / overwrite any file on the Forum server without root privileges.

The exploit apparently takes advantage of a flaw present in the vBulletin version used for the openSUSE forums (4.2.1), but also the latest version of the online forum software package (5.0.5).

The hacker claims that the user database he managed to get his hands on contains usernames, passwords and email addresses, and has posted a redacted screenshot of it to prove his claim.

But openSUSE admins claim that passwords have not been compromised.

“Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack,” they explained in a blog post. “What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password.”

Still, the local database did contain users’ email addresses.

They also announced that the forums will be taken offline until a fix or a workaround for the exploited flaw is found.

vBulletin is an extremely popular forum software package and is used by many large web forums, and their admins might want to consider doing the same.