Forum Security Flaw

SafeDad

CPSDarren - Admin
Staff member
It has come to our attention that a major security flaw was introduced with the maintenance patch done last Saturday. This flaw effectively allowed even a casual hacker to obtain Admin access. The flaw was fixed with a patch that I was able to implement last night.

In the meantime, at least one person was able to take advantage of this flaw. That one seems to have been benevolent and simply alerted us to the flaw (thank you if you are reading!). It's possible that other hackers who were able to cover their tracks were able to do subtle damage or allow themselves access to do harm in the future in some manner. This could include almost anything, including changes to accounts, forums, removal of posts, you name it.

I am currently away on vacation and have very limited and slow internet access. I am working with our provider to make sure the security flaw is fixed and that we discover any unusual activity. If you have noticed any odd issues over the last 6 days or in the near future, please post it here. Hopefully, nothing major was done and a restore from a backup will not be necessary. Thank you and apologies for any issues this may have caused!
 
SafeDad

CPSDarren - Admin
Staff member
The service provider just got back to me. They have no indication at this time that anything else was done by the person who left the friendly warnings or anyone else. So, it is pretty unlikely there will be any issues, but it is still possible there is something that was overlooked. We got lucky it seems!

Yeah, it is a very scary flaw. Apparently the developers left a piece of testing code in one file that allowed even a novice to get full access to the Admin account and database. That's what you expect from free forum software with random developers, not something that is a paid product with employed development and support.

Back to vacation for me, see ya all next week!
 

ctbcleveland

Well-known member
Aww shucks....I was going to come here and tell you that all my rep mysteriously disappeared and I am left with only two green boxes next to my name :p

Guess that excuse won't fly.
 
