[tor-dev] [tor-talk] Trac accounts and potential account compromise

Erinn Clark erinn at torproject.org
Fri May 2 03:45:40 UTC 2014

* Erinn Clark <erinn at torproject.org> [2014:05:01 22:41 -0400]: 
> Dear Tor Trac users,
> We learned on recently that there was a bug in our Trac setup that allowed
> anyone to register a new user account for an existing user name, overwriting
> the existing user's password and thereby taking over the account [0].

I forgot the [0] :) Here it is:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140501/2af284b3/attachment.sig>

More information about the tor-dev mailing list