Re: wiki.debian.org password reset
On Mon, Jan 07, 2013 at 09:19:09PM +0000, Colin Watson wrote:
>On Sun, Jan 06, 2013 at 10:39:31PM +0000, Luca Filipozzi wrote:
>> Please recall our recent email regarding the moinmoin [1] vulnerability [2] and
>> the penetration of Debian's wiki [3]. We have reset all password hashes and
>> sent individual notification to all Debian wiki account holders with
>> instructions on how to recover (and thereby reset) their passwords [4]. More
>> technical details about the attack are available [5].
>
>Thanks. I noticed that my passwords on wiki.debian.org and
>wiki.debconf.org were identical, but my password on wiki.debconf.org had
>not been automatically reset. Perhaps it's worth auditing for this,
>since I suspect this is not uncommon?
Hi Colin,
That's a nice idea, but the two wikis are entirely separate and both
store hashed passwords. It's difficult for us to tell if users are
using the same passwords on each system.
--
Steve McIntyre, Cambridge, UK. steve@einval.com
You lock the door
And throw away the key
There's someone in my head but it's not me