[Savannah-hackers] Security risk -- somebody goofed up
From: Kim F. Storm
Subject: [Savannah-hackers] Security risk -- somebody goofed up
Date: 24 May 2004 16:59:11 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50
I found this in the savannah-hackers archive:
He obviously goofed up big time!!!
> Hello savannah-hackers,
>
> Monday, May 24, 2004, 5:34:46 AM, you wrote:
>
> shgo> Someone (presumably you) on the savannah.gnu.org site requested a
> password change through email verification. If this was not you, this could
> pose a security risk for the system.
>
> shgo> The request came from 63.241.219.202
> shgo> (IP: 63.241.219.202 port: 41783)nwith Mozilla/5.0 (X11; U; Linux i686;
> en-US; rv:1.4.1) Gecko/20031114
>
> shgo> If you requested this verification, visit the same URL
> shgo> to change your password:
>
> shgo>
> https://savannah.gnu.org//account/lostlogin.php?confirm_hash=XXXXXXXXXXXXXXXXXXXXXXXXXX
>
And he included the actual hash -- so everybody is free to steal his account
now.
>
> shgo> If you did not request this verification, please visit this URL to
> report about it to address@hidden
>
> shgo> In any case make sure that you do not disclose this url to
> shgo> somebody else, e.g. do not mail this to a public mailinglist!
>
> shgo> -- the Savannah team.
>
>
> shgo> _______________________________________________
> shgo> Message sent via/by Savannah
> shgo> http://savannah.gnu.org/
>
>
> Not from here. Boot their sorry arses into oblivion!
>
> Our SysAdmin has been informed too - he ain't always nice
> but he is always right. You have been advised ;O)
>
> --
> Best regards,
> Ian mailto:address@hidden
But your instructions are not very clear on this point -- it should
say in BIG LETTERS not to include the hash in the mail to
savannah-hackers...
--
Kim F. Storm <address@hidden> http://www.cua.dk