Open-Source Forum Software Blamed in Security Vendor Breach

Security vulnerabilities in online forum software are not a new phenomenon. Back in 2009, the popular open-source forum was hacked. And the vBulletin online forum software has been repeatedly targeted over the years by attackers.

An Avast spokesperson told eWEEK that the company’s forum was running the open-source Simple Machines Forum (SMF) version 2.0.6.

“The latest version is SMF 2.0.7 but according to the SMF change log (and the announcements on the SMF web site) there were no security-related updates included in this version,” Avast stated. “The vulnerability was not known to us. It is not clear whether the attack was conducted via a 0-day vulnerability or a hole that was silently fixed in v2.0.7 but never announced.”

Read the full story at eWEEK:
Avast Takes Down User Forum After Breach

Sean Michael Kerner is a senior editor at Follow him on Twitter @TechJournalist.

News Around the Web