openSUSE forums hijacked, emails leaked

The openSUSE Forums were hijacked today, reports The Hacker News. An alleged Pakistani hacker who goes by the handle H4x0r HuSsY reportedly exploited a vulnerability in the vBulletin 4.2.1 software that SUSE uses to host the forum. vBulletin is proprietary forum software. The good news is that sensitive data like user passwords has not been compromised, unlike the breach that we saw with Target.

The Hacker News wrongly reported that the cracker gained full access to user accounts, including passwords. The openSUSE team has denied that users' passwords were compromised by this cracker.

Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords were indeed random, automatically set strings that are in no way connected to your real password.

However, some user data is stored in the local database for convenience, in the case of the forum the user email addresses. Those the hackers had access to and we’re very sorry for this data leak!

While, as an openSUSE user, it’s good to see that none of the user data was compromised, it’s shocking to learn that SUSE/openSUSE are using the proprietary forum software vBulletin as well as a proprietary sign-in solution from NetIQ.

They need to move to some open source technologies.

One thought on "openSUSE forums hijacked, emails leaked"

  1. Open Source software is not impenetrable, using FOSS over Closed Source software may have mitigated this particular issue (because it would not have existed) but it may not have mitigated N others which could also exist on $whichever FOSS forum software.

