We have recently been advised of an indirect, low-risk phishing vector that could allow a malicious user to restructure vBulletin URLs in a fairly obvious attempt to trick an unsuspecting user into entering their account information on a site other than the original destination.
This has been identified as a low-priority phishing vector in all versions of vBulletin, including vBulletin 3 and 4. At this time we believe that the risk to our customers is indirect and at best minimal. Accordingly, no patch is currently available or required for any version of the vBulletin software in relation to this report.
Generic example of the phishing attempt:
A user can post a fake thread inviting others to reset their passwords using the provided link.
The user edits the link to append an incorrect "last location" to the URL, thereby redirecting traffic outside the site after the form successfully submits on the original site.
For example: www.vbulletin.com/forum/login.php?do=lostpw&url=http://www.google.com
Instead of Google.com, as in this example, the user would be sent to a fake site where they could potentially be tricked into submitting real information.
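Since no patch is provided, moderators can look for this pattern in posted content. The following is an added example, not vBulletin code: it flags login.php links whose url= parameter points off-site. The SITE_HOSTS allowlist, the function names and the sample posts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the hostnames that legitimately serve this forum.
SITE_HOSTS = {"www.vbulletin.com", "vbulletin.com"}

# Any login.php link carrying a query string (BBCode/HTML brackets excluded).
LOGIN_LINK = re.compile(r"[^\s\[\]<>]*login\.php\?[^\s\[\]<>]+", re.I)


def offsite_redirect_target(link, site_hosts=SITE_HOSTS):
    """Return the off-site host named in the link's url= parameter, else None."""
    for target in parse_qs(urlsplit(link).query).get("url", []):
        # Browsers treat backslashes like slashes, so normalise before parsing.
        target = target.strip().replace("\\", "/")
        try:
            host = (urlsplit(target).hostname or "").lower()
        except ValueError:
            return "<unparsable>"  # malformed target: surface it for review
        if host and host not in site_hosts:
            return host
    return None  # no url= parameter, or a relative / same-site target


def flag_posts(posts):
    """Return (post_id, link, host) for each login link that redirects off-site."""
    hits = []
    for post_id, text in posts:
        for link in LOGIN_LINK.findall(text):
            host = offsite_redirect_target(link)
            if host:
                hits.append((post_id, link, host))
    return hits


# Constructed sample posts; the first link is the example from the advisory.
SAMPLE_POSTS = [
    (101, "Reset your password here: "
          "www.vbulletin.com/forum/login.php?do=lostpw&url=http://www.google.com"),
    (102, "Lost password form: http://www.vbulletin.com/forum/login.php?do=lostpw"),
    (103, "Try www.vbulletin.com/forum/login.php?do=lostpw&url=%2F%2Fphish.example%2Fx"),
    (104, "Back to www.vbulletin.com/forum/login.php?do=lostpw&url=/forum/index.php"),
]

if __name__ == "__main__":
    for post_id, link, host in flag_posts(SAMPLE_POSTS):
        print(f"post {post_id}: redirects to {host} via {link}")
```

The check compares the parsed hostname rather than matching substrings, so a target that merely contains the forum's name (for instance in the userinfo part before an "@") is still reported as off-site.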
This vector was reported by HALOCK Security Labs (http://blog.halock.com).