PHPBB PATCHES 10-YEAR AUTH BYPASS FLAW

The vulnerability in phpBB forum software enabled attackers to bypass authentication mechanisms and gain unauthorized access to user accounts at any privilege level. An attacker exploiting the flaw could compromise administrator accounts, leading to full control over forum operations, user data, and system settings. The bug remained undetected for ten years before discovery, raising concerns about how many instances may have been compromised during that period. phpBB maintainers released a patch addressing the issue, and users are advised to update immediately. The exact technical details of the vulnerability remain limited as the patch rolls out. phpBB recommends all administrators apply updates to vulnerable installations and consider reviewing access logs for suspicious activity. Forum owners should also reset passwords for critical accounts as a precaution. This incident underscores the security risks in legacy software and the importance of regular updates, even for established open-source projects.