openSUSE Forum hacked. Pakistani hacker compromised internal database

A Pakistani hacker named ‘H4x0r HuSsY’ has successfully compromised the official Forum of the popular Linux OS openSUSE accessing to the database.

A Pakistani hacker named ‘H4x0r HuSsY’ has successfully compromised the official Forum of the popular Linux OS openSUSE. The new shocking hack is shaking the IT security community, a few days after the blatant attack to Snapchat that exposed 4.6M usernames and numbers of its user, a Pakistani hacker defaced the home page of openSUSE forum and stolen data related to 79,500 registered users.

According first revelations the hacker despite has had full access to the database, he has promised not to disclose the database dump because the purpose of the hack is only to highlight the importance of security for so popular website.

The discovery was made by the team of security experts at The Hacker News that promptly alerted the openSUSE team.

Security experts noted that openSUSE was using a vulnerable version of the CMS vBulletin (ver 4.2.1), known to be affected by a serious flaw that allows an attacker to inject rogue administrator accounts. H4x0r HuSsY has exploited the same vulnerability to compromise the openSUSE forum, a couple of months ago the MacRumors forum was hacked with a similar technique.

The Pakistani Hacker confirmed to The Hacker News staff is that has uploaded a PHP shell on the forum server using his own Private vBulletin’s zero-day exploit, that allowed him to navigate the file system of the Forum server and write/overwrite any file without root privileges.

The worrying news it that the hacker confirmed that vBulletin 5.0.5, the latest version, is also vulnerable to his zero-day exploit and there is no patch yet available.

vBulletin is one of the most diffused CMS for easy management of the forums, this means that thousands of websites could be exposed to serious risk of hack until the flaw will be fixed. vBulletin security team must hurry up, the situation is critical.The openSUSE team has informed the users’ via tweets about the attack and its as decided to suspend its forum for the presence of the flaw in the CMS used.

“Warning: Our forums are down because they were defaced. We’re currently investigating what exactly has happened.”“As the exploit is in the forum software we use and there are no known fixes or workarounds we have decided to take the forums offline for now, until we have found a solution. Stay tuned for updates here, on twitter, facebook” or g+.” states the official security advisory.

It is possible to read that no credentials have been leaked.

“Rest assured, no user credentials have been leaked as we use a single sign on system for our services. Note that we use SSO so we don’t think we lost any account data.”

and while Pakistani hacker has shared a snapshot of stolen database, THN team has for obvious reasons obscured the passwords.

the team at openSuse has published the following statement on the official blog post

“Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password.”

If you are an penSUSE user please change the password immediately.

Pierluigi Paganini

(Security Affairs – zero-day vulnerability, openSuse)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.