As many are now aware, a recent security flaw was discovered in vBulletin 3.8.6 which could potentially allow a hacker to gain crucial information such as the MySQL username and password. Although Internet Brands was quick to release a patch and fix this issue, the question still stands – How did this happen?
No doubt the die-hard IB fans will say it’s perfectly normal and expected that software have some bugs, as it’s part of the process, and I agree with this to a point, but to have a flaw as big as this is completely unacceptable. We’re not talking about a minor bug, we are talking about extremely critical administrator information being potentially exposed to anyone in a few simple steps to take advantage of this flaw. How does this make it past QA, and if they are missing flaws this extreme, what else lies beneath that we have yet to discover? With vBulletin 3 being as mature as it is, should we not have higher expectations, or is that asking too much?
Bravo, you have really outdone yourself this time Internet Brands.
What do the rest of you think? Is this something that’s acceptable or are we blowing this out of proportion?
Start ’Splaining
July 23rd, 2010
I want answers and I want them now. This is completely and utterly ridiculous. Absurd. A complete farce.
Never have I been as concerned as I was two days ago. After watching this ridiculous security flaw unfold, and talking it over with Chronos, he made a strong point. HOW THE !@#$%& DO YOU SCREW UP A STABLE PLATFORM LIKE VBULLETIN 3.8?!?!!
We’ve had our fair share of vulnerabilities when vBulletin was under Jelsoft. They varied from Cross Site Request Forgeries, Cross Site Scripting Vulnerabilities and SQL Injections. NEVER EVER had I ever seen a vulnerability as bad as the one introduced by Internet Brands. A vulnerability that could potentially expose your SQL Username, SQL Password, SQL Server and SQL Port information? My God!
Vulnerabilities were at least contained strictly to the application itself, but now this one has spread completely beyond the application, allowing script kiddies direct access to people’s database servers.
I find that extremely unsettling. To err is human, to screw up a stable version of vBulletin requires Internet Brands.