View Issue Details

IDProjectCategoryView StatusLast Update
0000913TranslingoGeneralpublic2011-09-15 00:19
Reporterk1c14k Assigned ToNEOatNHNG  
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Summary0000913: Translingo account data exposed
Descriptioncecert.org->About cacert.org->Source code, download and access with your favorite editor /cacert/cacertupload.pl.
Enjoy free password.
Additional InformationWhat is wrong with you?...
TagsNo tags attached.
Attached Files
cacertupload.pl (1,623 bytes)

Activities

NEOatNHNG

2011-03-09 19:05

administrator   ~0001884

The account data for translingo is exposed in the script that uploads the gettext() files extracted from the codebase to translingo.

Proposed fix: put the account data into a second file and include it in the main one. Provide a sample file with fake account data in the tarball and repositories and only add the real data on the critical system. Password on translingo should be changed

wytze

2011-03-16 15:37

developer   ~0001891

The password for the support@cacert.org account on the translingo system has been changed on March 14, 2011.

Ted

2011-03-22 22:30

administrator   ~0001893

Just posted branch bug-913 into ssh://git-dev.cacert/var/cache/git/cacert-devel.git

NEOatNHNG

2011-04-05 22:56

administrator   ~0001908

Reviewed & Tested.

Patch sent to critical admins

wytze

2011-04-06 09:43

developer   ~0001911

Patch has been installed on production system on April 6, 2011.
See https://lists.cacert.org/wws/arc/cacert-systemlog/2011-04/msg00000.html

Issue History

Date Modified Username Field Change
2011-03-08 22:45 k1c14k New Issue
2011-03-08 22:45 k1c14k File Added: cacertupload.pl
2011-03-09 18:56 NEOatNHNG Status new => needs work
2011-03-09 18:56 NEOatNHNG Assigned To => NEOatNHNG
2011-03-09 19:05 NEOatNHNG Note Added: 0001884
2011-03-09 19:05 NEOatNHNG Status needs work => confirmed
2011-03-09 19:10 NEOatNHNG Priority normal => high
2011-03-09 19:10 NEOatNHNG Summary Very important issue => Translingo account data exposed
2011-03-16 15:37 wytze Note Added: 0001891
2011-03-22 22:30 Ted Note Added: 0001893
2011-04-05 22:56 NEOatNHNG Note Added: 0001908
2011-04-06 09:43 wytze Note Added: 0001911
2011-04-06 09:44 wytze Status confirmed => closed
2011-04-06 09:44 wytze Resolution open => fixed
2011-06-19 16:53 NEOatNHNG Source_changeset_attached => cacert-devel master e894a195
2011-06-19 16:53 NEOatNHNG Source_changeset_attached => cacert-devel master 7db5efae
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release e4d11212
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel master e894a195
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel master 7db5efae
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release e4d11212
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel master e894a195
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel master 7db5efae
2011-09-15 00:19 Uli60 Project Main CAcert Website => Translingo
2011-09-15 00:19 Uli60 Category source code => General