
phpBB upgrade?


notareal
KT-Team
Posts: 4211
Joined: Fri Oct 27, 2006 7:27 am
Location: Finland

phpBB upgrade?

Post by notareal »

If phpBB ever gets upgraded, it would be good to keep this in mind:
http://www.xiom.com/whid/2009/18/phpbb_ ... _using_lfi

"However, phpBB is not entirely off the hook, as the phpBB team admits. The stolen files included only hashed passwords, however phpBB 2 hash was unsalted and the hackers successfully brute forced 28,000 passwords. While phpBB 3, which is used on the phpBB site uses better password hashing, the upgrade procedure did not upgrade existing users waiting for their 1st login to upgrade. Anyone who did not log-in to the web site since the upgrade still had weakly hashed password in the database."
giannis
Site Admin
Posts: 4627
Joined: Mon Jul 04, 2005 9:59 am
Location: Athens, Greece

Post by giannis »

When it comes to security, it all boils down to hoping and praying... :roll:
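
The failure described in the quoted article in the first post (accounts that never logged in after the upgrade kept their weak hashes) can be closed at upgrade time by wrapping each stored legacy hash in a salted, slow KDF, then switching to a native hash on the next successful login. The sketch below is an added example, not phpBB code and not part of this thread; plain MD5 as the legacy hash, PBKDF2-SHA256 as the replacement, the record format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, tune for your hardware

def legacy_md5(password):
    # Stand-in for the old unsalted hash (assumption: plain MD5 hex)
    return hashlib.md5(password.encode()).hexdigest()

def _kdf(data, salt):
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS).hex()

def _record(scheme, data):
    salt = os.urandom(16)  # fresh per-user salt
    return f"{scheme}${salt.hex()}${_kdf(data, salt)}"

def wrap_legacy(md5_hex):
    # Upgrade-time step: needs only the stored hash, not the password
    return _record("wrapped", md5_hex.encode())

def hash_new(password):
    return _record("pbkdf2", password.encode())

def migrate(db):
    # Re-hash every legacy row at upgrade time, dormant accounts included
    return {u: h if "$" in h else wrap_legacy(h) for u, h in db.items()}

def verify(password, stored):
    """Return (ok, replacement): replacement is a native record to store, or None."""
    if "$" not in stored:  # raw legacy row that was never migrated
        ok = hmac.compare_digest(legacy_md5(password), stored)
        return ok, (hash_new(password) if ok else None)
    scheme, salt_hex, digest = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    if scheme == "wrapped":
        candidate = _kdf(legacy_md5(password).encode(), salt)
    elif scheme == "pbkdf2":
        candidate = _kdf(password.encode(), salt)
    else:
        return False, None
    ok = hmac.compare_digest(candidate, digest)
    upgrade = ok and scheme == "wrapped"
    return ok, (hash_new(password) if upgrade else None)

if __name__ == "__main__":
    db = {"dormant": legacy_md5("hunter2")}  # constructed sample row
    db = migrate(db)
    print(db["dormant"].split("$")[0], verify("hunter2", db["dormant"])[0])
```

After `migrate` runs, no row in the table is a bare unsalted hash, so a stolen copy of the table no longer exposes dormant accounts to a fast lookup or brute-force pass.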