A vulnerability that can be exploited to hijack admin accounts has been identified

May 6, 2013 13:51 GMT

Invision Power Services has released critical security updates for IP.Board 3.2.x, 3.3.x, and 3.4.x after being notified of a vulnerability that could allow an unauthorized party to gain access to administrator accounts. 

The details of the issue have not been disclosed to give the community time to apply the patches.

Users of IP.Board versions 3.4, 3.3 and 3.2 are advised to apply the update as soon as possible. Customers who utilize older versions are advised to upgrade their installations in order to benefit from all security enhancements.

Those who apply the patches should know that their admin control panels will still display the security bulletin. The bulletin will stay there for at least a week after the security release.

According to IPS, the security hole has been discovered and reported by security researcher John Jean.

The patches are available for download here.

Update. The researcher who identified the vulnerability, John Jean, has published a detailed advisory and proof-of-concept code to explain how the issue can be exploited.