[tor-dev] [tor-talk] Trac accounts and potential account compromise
Erinn Clark
erinn at torproject.org
Fri May 2 03:45:40 UTC 2014
* Erinn Clark <erinn at torproject.org> [2014:05:01 22:41 -0400]:
> Dear Tor Trac users,
>
> We learned on recently that there was a bug in our Trac setup that allowed
> anyone to register a new user account for an existing user name, overwriting
> the existing user's password and thereby taking over the account [0].
I forgot the [0] :) Here it is:
https://trac.torproject.org/projects/tor/ticket/11545
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140501/2af284b3/attachment.sig>
More information about the tor-dev
mailing list