diff options
| author | Henrik Brix Andersen <brix@FreeBSD.org> | 2008-06-01 21:04:34 +0000 |
|---|---|---|
| committer | Henrik Brix Andersen <brix@FreeBSD.org> | 2008-06-01 21:04:34 +0000 |
| commit | a07b58883a53e1830674ee3efdcdfbb777b60b88 (patch) | |
| tree | 36e24224f7bf6508f42befacceecafbd1d8f6c73 /security/vuxml/vuln.xml | |
| parent | 5027b59c5ed7683d2224aa1ab039307d2bbe3bce (diff) | |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e8527f68938f..7441a2a3a3b0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,34 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="90db9983-2f53-11dd-a0d8-0016d325a0ed"> + <topic>ikiwiki -- cleartext passwords</topic> + <affects> + <package> + <name>ikiwiki</name> + <range><lt>2.48</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The ikiwiki development team reports:</p> + <blockquote cite="http://ikiwiki.info/security/#index32h2"> + <p>Until version 2.48, ikiwiki stored passwords in cleartext in + the userdb. That risks exposing all users' passwords if the file + is somehow exposed. To pre-emtively guard against that, current + versions of ikiwiki store password hashes (using Eksblowfish).</p> + </blockquote> + </body> + </description> + <references> + <url>http://ikiwiki.info/security/#index32h2</url> + </references> + <dates> + <discovery>2008-05-30</discovery> + <entry>2008-06-01</entry> + </dates> + </vuln> + <vuln vid="09066828-2ef1-11dd-a0d8-0016d325a0ed"> <topic>ikiwiki -- empty password security hole</topic> <affects> |