University Crest

[wlug] OpenSUSE Forums Defaced, Email Addresses Leaked

wlug archive index About the wlug list Mailing lists home
To The University of Waikato HomepageWaikato Home > Waikato Mailing Lists > wlug Info > wlug archives
Peter Reutemann fracpete@w...
Thu Jan 9 12:34:21 NZDT 2014

"The openSUSE Forums were hijacked yesterday. An alleged Pakistani
hacker who goes by handle H4x0r HuSsY reportedly exploited a
vulnerability in the vBulletin 4.2.1 software SuSE uses to host the
forum. vBulletin is a proprietary forum software. The openSUSE team
notes that user passwords were not compromised. 'Credentials for your
openSUSE login are not saved in our application databases as we use a
single-sign-on system (Access Manager from NetIQ) for all our
services. This is a completely separate system and it has not been
compromised by this crack. What the cracker reported as compromised
passwords where indeed random, automatically set strings that are in
no way connected to your real password.' It's shocking to learn that
SUSE/openSUSE are using proprietary forum software vBulleting as well
as proprietary single sign on solution."

-- source:

Cheers, Peter
Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ          Ph. +64 (7) 858-5174

More information about the wlug mailing list
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.

The University of Waikato - Te Whare Wananga o Waikato