Re: CVE id request: ikiwiki

[Martin Schulze <joey () infodrom org>]

Nico Golde wrote:
> Hi,
> Joey Hess discovered that if openid and passwordauth 
> plugins are both ennabled in ikiwiki which is the case in 
> the default installation anyone can log in using an openid 
> that has already been used to login into the wiki and 
> doesn't use a password.
>
> This is Debian bug: http://bugs.debian.org/483770
>
> As Steven is currently on semi-vacation, Martin can you 
> assign a CVE id for this issue from the Debian pool?

Please use CVE-2008-0169.

Regards,

        Joey

-- 
Experience is something you don't get until just after you need it.