[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE id request: ikiwiki
From: Martin Schulze <joey () infodrom ! org>
Date: 2008-05-31 13:46:36
Message-ID: 20080531134636.GA20830 () finlandia ! home ! infodrom ! org
[Download RAW message or body]
Nico Golde wrote:
> Hi,
> Joey Hess discovered that if openid and passwordauth
> plugins are both ennabled in ikiwiki which is the case in
> the default installation anyone can log in using an openid
> that has already been used to login into the wiki and
> doesn't use a password.
>
> This is Debian bug: http://bugs.debian.org/483770
>
> As Steven is currently on semi-vacation, Martin can you
> assign a CVE id for this issue from the Debian pool?
Please use CVE-2008-0169.
Regards,
Joey
--
Experience is something you don't get until just after you need it.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic