Re: Re: The reason behind why your Elite mail is still safe
This is true and not true. You are absolutely right about the password being blank, obviously, but let me clear up some other things.
Passwords are stored in the database. If you look for the "duplicate ip/password list" hack on vb.org you will find that it is very easy to pull up a list and compare passwords from the database. However for the record this was for version 2.2.3 and newer (exception is vb3). And the passwords were encrypted when that came out. It all depends on which version of Vbulletin Elite is using. Passwords at one time were not encrypted. I think that when version 2.2.0 came out they finally encrypted the passwords.
Any current version of vbulletin, the passwords are encrypted. And when you request that a password be mailed to you, it automatically resets the password. However older versions of vbulletin would e-mail you the actual password. So you could change the password in the admin panel, e-mail it to yourself and then change the password back and have their real password without them knowing. Again, this changed with version 2.2 I believe. I also know that Chen, you know him if you visit vb.org or vb.com, even after vb 2.3 and beyond came out he made a post saying that he would login as someone to check on a problem. The password was not given to him, so it is still technically possible even with the encrypted password. Encryption on vb can be broken pretty easily from what I understand if you know what you are doing.
I do not know much about the situation at Elite, and I don't know what they have built into the message board. I am basically just explaining some of the inner workings of vbulletin. Anything is possible with vbulletin, it's just finding someone that knows how.
*Edit to add this.
I know I only have one post now
, but I admin Anabolic Review and the Message Board. I've been working with vbulletin for years. I don't want you to think I am just making this stuff up.
BiggieSwolls said:
This is true and not true. You are absolutely right about the password being blank, obviously, but let me clear up some other things.
Passwords are stored in the database. If you look for the "duplicate ip/password list" hack on vb.org you will find that it is very easy to pull up a list and compare passwords from the database. However for the record this was for version 2.2.3 and newer (exception is vb3). And the passwords were encrypted when that came out. It all depends on which version of Vbulletin Elite is using. Passwords at one time were not encrypted. I think that when version 2.2.0 came out they finally encrypted the passwords.
Any current version of vbulletin, the passwords are encrypted. And when you request that a password be mailed to you, it automatically resets the password. However older versions of vbulletin would e-mail you the actual password. So you could change the password in the admin panel, e-mail it to yourself and then change the password back and have their real password without them knowing. Again, this changed with version 2.2 I believe. I also know that Chen, you know him if you visit vb.org or vb.com, even after vb 2.3 and beyond came out he made a post saying that he would login as someone to check on a problem. The password was not given to him, so it is still technically possible even with the encrypted password. Encryption on vb can be broken pretty easily from what I understand if you know what you are doing.
I do not know much about the situation at Elite, and I don't know what they have built into the message board. I am basically just explaining some of the inner workings of vbulletin. Anything is possible with vbulletin, it's just finding someone that knows how.
*Edit to add this.
I know I only have one post now
, but I admin Anabolic Review and the Message Board. I've been working with vbulletin for years. I don't want you to think I am just making this stuff up.
Last edited:
