Mibew Messenger Community
General => General Discussion => Topic started by: nls73m on June 26, 2012, 03:45:00 PM
-
This is a great project. Unfortunately, it suffers from many security vulnerabilities that have been neither fixed nor patched. How does anyone expect to use this software in production? I have not been able to find any patches to any of the security issues. :'(
-
Can you list out the security vulnerabilities that you think need to be fixed?
-
http://mibew.org/forums/index.php?topic=3332.0
https://github.com/inspirer/mibew/issues/8
http://packetstormsecurity.org/files/109242/Mibew-Messenger-1.6.4-Cross-Site-Scripting.html
http://www.cvedetails.com/vulnerability-list/vendor_id-11824/year-2012/opxss-1/Mibew.html
http://www.net-security.org/vuln.php?id=16124
http://www.securityfocus.com/bid/51723/exploit
http://www.codseq.it/advisories/mibew_messenger_multiple_xss
http://secunia.com/advisories/47787
http://forums.cnet.com/7726-6132_102-5268163.html
http://xforce.iss.net/xforce/xfdb/72822
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0829
-
Looks like it is time for a newer version just to keep up with the security holes!
-
I used this script on a hosting site and didn't know about the security issues. My site was turned into a phishing site twice. The last time was 2 days ago. I had to get my hosting provider to completely remove the site and domain name. Then set up a new account with a new domain name.
It is irresponsible of you to keep this script going and not fix the security issues.
-
All these security vulnerabilities have been fixed in our websites, also fixed all browser compatibility issues.
-
Cool, gonna update ours ASAP. This is why it is good to hear that the project is back on the front burner.
-
Quote: "All these security vulnerabilities have been fixed in our websites, also fixed all browser compatibility issues."
Would you mind explaining a bit further - is the new version, 1.6.5, secure?
Thanks!
-
Mibew version 1.6.5 was released fixing many known issues regarding version 1.6.4 including those security vulnerabilities stated above in this thread.
In the near future Version 2 will implement extra security features that have not yet been implemented in previous versions.
So, yes, Mibew 1.6.5 is secure enough to be used live & version 2 will be even better.
Regards
-
Great news, thanks. Looking forward to learning my way around Mibew, and esp. to the new version...