PoolLeaks.com and its parent company, DDoS-tourism company CrowdStrike, have issued a vulnerability patch for the popular PoolDrop social media plugin.
The vulnerability, CVE-2017-8133, has been released today by the vendor, which is part of the Trend Micro security team.
PoolLeaks has patched its pool-sharing plugin to work around the issue.
PoolLeaks has also updated the plugin to remove the ability to create custom user accounts from the pool.
Users can now create a new user account with a unique username and password.
A user can now change the password of an existing user.
The plugin can also now be configured to automatically connect to a local proxy server if the user has a proxy server configured.
Users will be able to log in with a new username and a new password.
PoolDrop’s user interface will also display a message indicating that a new account has been created.
Users can logout of the plugin and re-open the plugin with a different username and new password, but the plugin will automatically re-connect to the pool server.
PoolDrop, the social media platform that was launched in 2009, was founded by former Twitter engineer Ben Herring.
It was purchased by Twitter in 2016.