newsNews: Gna! frontend back - change your passwords

 
 
Show feedback again
Latest News
Gna.org SSL certificate renewed posted by zerodeux, Thu 24 Apr 2014 07:13:06 AM UTC - 0 replies
Heartbleed status and measures posted by beuc, Wed 09 Apr 2014 09:47:29 AM UTC - 1 reply
mail subsystem automatically reinstalled posted by beuc, Sat 08 Mar 2014 11:02:17 PM UTC - 0 replies
Reboot posted by beuc, Tue 04 Mar 2014 10:14:15 PM UTC - 2 replies
download+homepage subsystem automatically reinstalled posted by beuc, Sun 02 Mar 2014 09:53:20 PM UTC - 9 replies
[122 news in archive]

Gna! frontend back - change your passwords

Item posted by Beuc <beuc> on Thu 02 Dec 2010 10:24:16 PM UTC.

Following the password compromise at Savannah, which is also running the Savane Forge, we took the frontend down so we could investigate.

The (earlier) version at Gna! appears not to be impacted by the SQL injection. However it also uses (weak) MD5 hashes for storing encrypted passwords.

We took this opportunity to upgrade Savane, and have reset the passwords for safety (all the more since some people have the same password on both websites). We now use crypt(3) with SHA-512.

To change your password, you need to click on "Login" link on the left, and then on "Lost your password?".

Comments:

No messages in Gna! frontend back - change your passwords

 

Start a New Thread:

You could post if you were logged in
Show feedback again

Back to the top


Powered by Savane 3.1-cleanup