newsNews: Gna! frontend back - change your passwords

 
 
Show feedback again
Latest News
mail subsystem upgraded posted by beuc, Sat May 23 18:17:18 2015 - 1 reply
dl/home/cvs/svn/www.gna.org upgraded to debian8 posted by beuc, Thu May 21 22:12:23 2015 - 1 reply
Gna.org SSL certificate renewed posted by zerodeux, Thu Apr 24 07:13:06 2014 - 4 replies
Heartbleed status and measures posted by beuc, Wed Apr 9 09:47:29 2014 - 2 replies
mail subsystem automatically reinstalled posted by beuc, Sat Mar 8 23:02:17 2014 - 0 replies
[124 news in archive]

Gna! frontend back - change your passwords

Item posted by Beuc <beuc> on Thu Dec 2 22:24:16 2010.

Following the password compromise at Savannah, which is also running the Savane Forge, we took the frontend down so we could investigate.

The (earlier) version at Gna! appears not to be impacted by the SQL injection. However it also uses (weak) MD5 hashes for storing encrypted passwords.

We took this opportunity to upgrade Savane, and have reset the passwords for safety (all the more since some people have the same password on both websites). We now use crypt(3) with SHA-512.

To change your password, you need to click on "Login" link on the left, and then on "Lost your password?".

Comments:

I am still logged in. (posted by George Koehler, Thu Dec 2 22:27:37 2010)

I looked for the "Login" link on the left, but it was not there. Then I noticed that I am still "Logged in as kernigh".

I guess that I need to click "Logout", then click "Login", then click "Lost your password?"

[ Reply ]


   

 

Start a New Thread:

You could post if you were logged in
Show feedback again

Back to the top


Powered by Savane 3.1-cleanup