newsNews: Gna! frontend back - change your passwords

Show feedback again
Latest News
mail subsystem upgraded posted by beuc, Sat 23 May 2015 06:17:18 PM UTC - 0 replies
dl/home/cvs/svn/ upgraded to debian8 posted by beuc, Thu 21 May 2015 10:12:23 PM UTC - 0 replies SSL certificate renewed posted by zerodeux, Thu 24 Apr 2014 07:13:06 AM UTC - 2 replies
Heartbleed status and measures posted by beuc, Wed 09 Apr 2014 09:47:29 AM UTC - 0 replies
mail subsystem automatically reinstalled posted by beuc, Sat 08 Mar 2014 11:02:17 PM UTC - 0 replies
[124 news in archive]

Gna! frontend back - change your passwords

Item posted by Beuc <beuc> on Thu 02 Dec 2010 10:24:16 PM UTC.

Following the password compromise at Savannah, which is also running the Savane Forge, we took the frontend down so we could investigate.

The (earlier) version at Gna! appears not to be impacted by the SQL injection. However it also uses (weak) MD5 hashes for storing encrypted passwords.

We took this opportunity to upgrade Savane, and have reset the passwords for safety (all the more since some people have the same password on both websites). We now use crypt(3) with SHA-512.

To change your password, you need to click on "Login" link on the left, and then on "Lost your password?".


Message: 295
I am still logged in. (posted by kernigh, Thu 02 Dec 2010 10:27:37 PM UTC)

I looked for the "Login" link on the left, but it was not there. Then I noticed that I am still "Logged in as kernigh".

I guess that I need to click "Logout", then click "Login", then click "Lost your password?"

Thread Author Date
I am still logged in.kernighThu 02 Dec 2010 10:27:37 PM UTC
      RE: I am still logged in.beucFri 03 Dec 2010 07:13:36 AM UTC


Post a followup to this message

You could post if you were logged in
Show feedback again

Back to the top

Powered by Savane 3.1-cleanup