Date: Sat, 31 May 2008 15:46:36 +0200 From: Martin Schulze <joey@...odrom.org> To: oss-security@...ts.openwall.com Subject: Re: CVE id request: ikiwiki Nico Golde wrote: > Hi, > Joey Hess discovered that if openid and passwordauth > plugins are both ennabled in ikiwiki which is the case in > the default installation anyone can log in using an openid > that has already been used to login into the wiki and > doesn't use a password. > > This is Debian bug: http://bugs.debian.org/483770 > > As Steven is currently on semi-vacation, Martin can you > assign a CVE id for this issue from the Debian pool? Please use CVE-2008-0169. Regards, Joey -- Experience is something you don't get until just after you need it.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ