[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE id request: ikiwiki
From:       Martin Schulze <joey () infodrom ! org>
Date:       2008-05-31 13:46:36
Message-ID: 20080531134636.GA20830 () finlandia ! home ! infodrom ! org
[Download RAW message or body]

Nico Golde wrote:
> Hi,
> Joey Hess discovered that if openid and passwordauth 
> plugins are both ennabled in ikiwiki which is the case in 
> the default installation anyone can log in using an openid 
> that has already been used to login into the wiki and 
> doesn't use a password.
> 
> This is Debian bug: http://bugs.debian.org/483770
> 
> As Steven is currently on semi-vacation, Martin can you 
> assign a CVE id for this issue from the Debian pool?

Please use CVE-2008-0169.

Regards,

	Joey

-- 
Experience is something you don't get until just after you need it.
[prev in list] [next in list] [prev in thread] [next in thread]