Re: wiki.debian.org password reset

To: debian-www@lists.debian.org, debian-admin@debian.org
Subject: Re: wiki.debian.org password reset
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 7 Jan 2013 21:19:09 +0000
Message-id: <[🔎] 20130107211909.GK21398@riva.dynamic.greenend.org.uk>
Mail-followup-to: debian-www@lists.debian.org, debian-admin@debian.org
In-reply-to: <E1TrzM0-00008I-CV@riva.pelham.vpn.ucam.org>
References: <E1TrzM0-00008I-CV@riva.pelham.vpn.ucam.org>

On Sun, Jan 06, 2013 at 10:39:31PM +0000, Luca Filipozzi wrote:
> Please recall our recent email regarding the moinmoin [1] vulnerability [2] and
> the penetration of Debian's wiki [3].  We have reset all password hashes and
> sent individual notification to all Debian wiki account holders with
> instructions on how to recover (and thereby reset) their passwords [4].  More
> technical details about the attack are available [5].

Thanks.  I noticed that my passwords on wiki.debian.org and
wiki.debconf.org were identical, but my password on wiki.debconf.org had
not been automatically reset.  Perhaps it's worth auditing for this,
since I suspect this is not uncommon?

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Re: wiki.debian.org password reset
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Re: wiki.debian.org password reset
Next by Date: Re: wiki.debian.org password reset
Previous by thread: Re: wiki.debian.org password reset
Next by thread: Re: wiki.debian.org password reset
Index(es):
- Date
- Thread