'[oss-security] CVE request for Ushahidi security vulnerability 2012-008'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request for Ushahidi security vulnerability 2012-008
From:       Robbie Mackay <robbie () ushahidi ! com>
Date:       2012-11-30 0:09:11
Message-ID: 50B7F927.5090208 () ushahidi ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The following vulnerability was found in Ushahidi and fixed in the
Ushahidi 2.6.1 release.
Could you please assign a CVE?

Forgotten password challenges were guessable based on users last login
and email address.
The issue was discovered by Timothy D. Morgan

Security advisory:
http://ushahidi.com/index.php/security/alert/sa-web-2012-008
Issue: https://github.com/ushahidi/Ushahidi_Web/issues/646
Commit:
https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e

- -- 
Robbie Mackay

Software Developer, External Projects
Ushahidi Inc
e: robbie@ushahidi.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQt/kmAAoJEKnxsxigzOTXkQwH/izEngpyMz20xT7rXR6XKIsI
soyPHtDYhrAao+8MbqorqkUYH0PELJ5F3mevo1StKx05oDrHfIjdGq7OqM6/BSeS
1skF3H9o0D6bPD2pDlva/F1yCST9fEnhru6Tn8pcKyJeZK82zLlo669KDs8AcFOX
0pifIa/Bv6zhGzbiRRQrF/JfQm/a5VARfOy2CZgAi5+ee6L+4/lizt5q51QMflGd
COCbRh6gq7ORWCguoE36keWWgCc4D+ducq2zkGvwfbnBuZrwbJZOh4rEiYphCAR5
i2XIh8MXt8gppMKE4ewpKcrW6hUnmVBYn5gMfqRrB3IkUBjFtTFDK2xCwaTcEzM=
=4a/A
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic