We are investigating issues related to OpenID not completely authenticating data which can result in the security of your community being compromised. This issue can only impact your community if you have enabled OpenID logins as the OpenID is disabled when IPS ships IP.Board releases.
Protecting Your IP.Board
There are two methods to protect your community.
Method 1: Disable OpenID
The easiest fix is to simply disable OpenID logins. These login systems are disabled by default in IP.Board so unless you have specifically turned on OpenID you are already protected. This screen shot shows you what to look for in your AdminCP:
- Click "Log In Management" in the AdminCP
- Look for OpenID in the list. If there is already a red "X" then OpenID is disabled and your community is safe from this issue.
- If you see a green check: disable OpenID by clicking the drop-down menu to the right, edit details, and set "Log In Enabled" to "No"
If OpenID is disabled and you do not use/need this login method you do not need to do anything further.
Method 2: Upload Source File
If OpenID is in use in your community and you need to keep it enabled simply upload the attached file to your forums directory. The path is included in the zip file and it is just one file.
Support services note: as this update is a single-file update or the issue can be eliminated by simply disabling OpenID in the AdminCP we do request that clients apply either the setting or file fix themselves if possible. The 3.0.2 download has been updated as of the time of this announcement.
Source: Click Here