Comments
Old Vanilla version vulnerability
Cause of the drama(s).
permission hack?
Was the DB stolen? Or should the passwords be OK?
Using SQL injection. http://www.cvedetails.com/cve/CVE-2013-3527/
Thanks
Passwords were unhashed and plain text after the attacker got in, I assume the salt was in a generically readable place...
What? Plain text passwords?
@eastonch How can you say whether the passwords were in a readable format?
Without more information from the system administrators, it is all just guessing.
On the first hack, everybody was granted admin status, and then the passwords were visible to all admins (users), I read that it had been unhashed and plain-text passwords revealed.
This again happened on the second hack.
I only saw hashes back then.
The screenshots I saw only contained hashes. An "unhashing" is not possible, only brute-force attempts. I guess only @Liam can tell more
http://www.webhostingchatter.com/threads/lowendtalk-hacked.200/
http://www.erawanarifnugroho.com/2013/05/16/lowendtalk-hacked.html
http://www.hostingclerks.com/discussion/140/lowendtalk-com-hacked#Item_2
lol
Who did it? Does anyone have any idea?