View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000913 | Translingo | General | public | 2011-03-08 22:45 | 2011-09-15 00:19 |
Reporter | k1c14k | Assigned To | NEOatNHNG | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Summary | 0000913: Translingo account data exposed | ||||
Description | cecert.org->About cacert.org->Source code, download and access with your favorite editor /cacert/cacertupload.pl. Enjoy free password. | ||||
Additional Information | What is wrong with you?... | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
|
The account data for translingo is exposed in the script that uploads the gettext() files extracted from the codebase to translingo. Proposed fix: put the account data into a second file and include it in the main one. Provide a sample file with fake account data in the tarball and repositories and only add the real data on the critical system. Password on translingo should be changed |
|
The password for the support@cacert.org account on the translingo system has been changed on March 14, 2011. |
|
Just posted branch bug-913 into ssh://git-dev.cacert/var/cache/git/cacert-devel.git |
|
Reviewed & Tested. Patch sent to critical admins |
|
Patch has been installed on production system on April 6, 2011. See https://lists.cacert.org/wws/arc/cacert-systemlog/2011-04/msg00000.html |
Date Modified | Username | Field | Change |
---|---|---|---|
2011-03-08 22:45 | k1c14k | New Issue | |
2011-03-08 22:45 | k1c14k | File Added: cacertupload.pl | |
2011-03-09 18:56 | NEOatNHNG | Status | new => needs work |
2011-03-09 18:56 | NEOatNHNG | Assigned To | => NEOatNHNG |
2011-03-09 19:05 | NEOatNHNG | Note Added: 0001884 | |
2011-03-09 19:05 | NEOatNHNG | Status | needs work => confirmed |
2011-03-09 19:10 | NEOatNHNG | Priority | normal => high |
2011-03-09 19:10 | NEOatNHNG | Summary | Very important issue => Translingo account data exposed |
2011-03-16 15:37 | wytze | Note Added: 0001891 | |
2011-03-22 22:30 | Ted | Note Added: 0001893 | |
2011-04-05 22:56 | NEOatNHNG | Note Added: 0001908 | |
2011-04-06 09:43 | wytze | Note Added: 0001911 | |
2011-04-06 09:44 | wytze | Status | confirmed => closed |
2011-04-06 09:44 | wytze | Resolution | open => fixed |
2011-06-19 16:53 | NEOatNHNG | Source_changeset_attached | => cacert-devel master e894a195 |
2011-06-19 16:53 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 7db5efae |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel release e4d11212 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel master e894a195 |
2011-06-21 23:57 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 7db5efae |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel release e4d11212 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel master e894a195 |
2011-06-22 00:09 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 7db5efae |
2011-09-15 00:19 | Uli60 | Project | Main CAcert Website => Translingo |
2011-09-15 00:19 | Uli60 | Category | source code => General |