
[News] Update: WoltLab Suite 5.2.6 / 3.1.14


We have just released new versions of our products:

  • WoltLab Suite 5.2.6
  • WoltLab Suite 3.1.14


Stability releases (also known as "minor releases") aim to solve existing problems in the current version. Like every stability release, they do not introduce new features. It is strongly recommended to apply these updates.

Recent Investigations on Compromised Communities

We have become aware that a few customer sites have been compromised in an attempt to steal user credentials. The attacker modified a few files to capture plaintext passwords and installed a backdoor in order to regain access at a later point. This update will overwrite the files containing the malicious changes with the original versions.


Furthermore, any intercepted plaintext password was stored in the database column logToken, which the attacker added to the table wcf1_user. This update will nullify those values by replacing them with the string "compromised"; accounts that did not have their password stolen will have an empty value.


If you have any questions, or want advice because your site has been compromised, please get in touch with us; we'll help you.

How Did the Attacker Gain Access?

Investigations strongly indicate that the attacker gained access to the systems by logging in with an administrator's account using credentials that have been stolen previously. We cannot stress this enough: DO NOT REUSE PASSWORDS ON OTHER SITES. YOU PUT YOURSELF AND YOUR COMMUNITY AT RISK!

Performing System Updates

Open your Administration Control Panel and navigate to Configuration > Packages > List Packages. Please click on the button Search for Updates located in the right corner above the package list.

Notable Changes

The list below includes only significant changes; minor fixes or typos are generally left out.



(Will be added later.)
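
For administrators who want to check their own database for the indicator described under "Recent Investigations on Compromised Communities", the following read-only queries are an added example and not part of the original announcement or of WoltLab's update. The table wcf1_user, the column logToken and the string "compromised" come from the announcement; MySQL/MariaDB and the columns userID and username are assumptions.

```sql
-- Added example; run read-only against the forum database (MySQL/MariaDB assumed).
-- wcf1_user, logToken and 'compromised' are taken from the announcement.
-- userID and username are assumed to be columns of the user table.

-- 1) Does the attacker-added column exist?
--    Zero rows means the column is absent; queries 2 and 3 will then
--    fail with an "Unknown column" error, which is the clean result.
SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME, COLUMN_TYPE
FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = DATABASE()
  AND TABLE_NAME   = 'wcf1_user'
  AND COLUMN_NAME  = 'logToken';

-- 2) Classify accounts without selecting the stored value itself:
--    before the update is applied it may still hold a plaintext password.
SELECT
  CASE
    WHEN logToken IS NULL OR logToken = '' THEN 'no password captured'
    WHEN logToken = 'compromised'          THEN 'captured, nullified by update'
    ELSE                                        'captured, plaintext still stored'
  END      AS state,
  COUNT(*) AS accounts
FROM wcf1_user
GROUP BY state;

-- 3) Accounts whose password was intercepted (either state above),
--    i.e. the candidates for a forced password reset.
SELECT userID, username
FROM wcf1_user
WHERE logToken IS NOT NULL
  AND logToken <> ''
ORDER BY userID;
```

A non-empty result from query 1 on a site that has not yet applied the update indicates the modification described above; the third state in query 2 should disappear once the update has run.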
