It has been reported that OpenBB is affected by a private message disclosure vulnerability. This issue is due to a design error that fails to validate user credentials.
This issue might allow an attacker to read arbitrary private messages posted to the bulletin board, which undermines their confidentiality.
OpenBB contains a flaw that allows a remote attacker to read arbitrary private messages. The issue is due to the software not properly verifying user ID or session ID when displaying private messages. If an attacker provides a specially crafted URL with the ID of an arbitrary message, the system will display it.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
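The missing check described above, modelled as an added example that is not OpenBB's code: a handler that selects a message by ID alone, next to one that resolves the caller from the server-side session and verifies ownership. All names, the in-memory tables, and the choice to let both sender and recipient read a message are assumptions for illustration.

```python
"""Constructed model of a private-message read handler (not OpenBB code)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    msg_id: int
    sender_id: int
    recipient_id: int
    body: str

# Constructed sample data standing in for the message and session tables.
MESSAGES = {
    1: Message(1, sender_id=10, recipient_id=20, body="for user 20 only"),
    2: Message(2, sender_id=20, recipient_id=30, body="for user 30 only"),
}
SESSIONS = {"sess-user20": 20, "sess-user30": 30}  # session token -> user id
DENIED = []  # (user_id, msg_id) pairs, kept so operators can spot ID probing

class AccessDenied(Exception):
    pass

def read_message_flawed(msg_id):
    """Behaviour the advisory describes: the message ID alone selects the row."""
    return MESSAGES[msg_id].body

def read_message_checked(session_token, msg_id):
    """Identify the caller from the session, then require ownership of the row."""
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        DENIED.append((None, msg_id))
        raise AccessDenied("no valid session")
    msg = MESSAGES.get(msg_id)
    # Same error for "missing" and "not yours" so valid IDs are not revealed.
    if msg is None or user_id not in (msg.sender_id, msg.recipient_id):
        DENIED.append((user_id, msg_id))
        raise AccessDenied("message not available")
    return msg.body
```

The user ID is taken from the session lookup rather than from any request parameter, so a caller cannot assert someone else's identity alongside the message ID.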