More vBulletin Security Flaws – Yes Please, May I Have Another?

As many are now aware, a recent security flaw was discovered in vBulletin 3.8.6 which could potentially allow a hacker to gain crucial information such as the MySQL username and password. Although Internet Brands was quick to release a patch and fix this issue, the question still stands – How did this happen?

No doubt the die-hard IB fans will say it’s perfectly normal and expected that software have some bugs, as it’s part of the process, and I agree with this to a point, but to have a flaw as big as this is completely unacceptable. We’re not talking about a minor bug, we are talking about extremely critical administrator information being potentially exposed to anyone in a few simple steps to take advantage of this flaw. How does this make it past QA, and if they are missing flaws this extreme, what else lies beneath that we have yet to discover? With vBulletin 3 being as mature as it is, should we not have higher expectations, or is that asking too much?

Bravo, you have really outdone yourself this time Internet Brands.

What do the rest of you think? Is this something that’s acceptable or are we blowing this out of proportion?