Quote:
Originally Posted by wehateporn
How do you suspect they got your password?
vBulletin passwords are not salted in a secure way in early versions and poorly encrypted in later versions.
GFY is vulnerable to several exploits. It's the most insecure, rubbish forum software and it really amazes me how popular it is considering its numerous weaknesses.
Quote:
This weekend, I loaded five additional data breaches into Have I been pwned (HIBP) that had come from various forums running on vBulletin. These came via supporters that had collected them from data breach traders over the years and some of them dated back quite some time. I always go to great lengths to validate that a breach is indeed legitimate and one of the ways I do that is to take a real good look at the passwords stored in the system and ensure that they do indeed adhere to the sorts of password patterns we’re used to seeing (i.e. poorly chosen and often including the name of the site). Fortunately for my purposes here – and unfortunately for those who actually had accounts on these sites – vBulletin does a pretty sloppy job of storing passwords and I thought I’d use this as an opportunity to demonstrate just what I mean by that. I’ll also show how “salted hashes” can be created in a very weak fashion as used by vBulletin or a very strong fashion using modern adaptive algorithms.
https://www.troyhunt.com/data-breach...etin-and-weak/
Well worth a read.
Don't use a password on GFY that you use anywhere else and if you do then start changing all of your passwords.
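
The contrast the quoted article draws between weakly and strongly created salted hashes, as an added example that is not part of the original post or of vBulletin's own code. It assumes the legacy vBulletin scheme `md5(md5(password) + salt)` and uses PBKDF2-HMAC-SHA256 as the adaptive alternative; the function names, iteration count and sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed work factor for the adaptive hash; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def vbulletin_legacy_hash(password, salt):
    """Assumed legacy scheme: md5(md5(password) + salt), all hex strings."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def pbkdf2_hash(password, salt=None):
    """Adaptive hash: random 16-byte salt plus a tunable iteration count."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def pbkdf2_verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = pbkdf2_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def seconds_per_call(fn, rounds):
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def cost_ratio():
    """How many times more expensive one adaptive hash is than one legacy hash."""
    fast = seconds_per_call(lambda: vbulletin_legacy_hash("hunter2", "a1b"), 2000)
    slow = seconds_per_call(lambda: pbkdf2_hash("hunter2", b"\x00" * 16), 2)
    return slow / fast


if __name__ == "__main__":
    # The salt stops precomputed tables in both schemes; only the work
    # factor makes each guess against a leaked database expensive.
    print(f"adaptive hash costs ~{cost_ratio():,.0f}x more per guess")
```
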