oss-sec mailing list archives
CVE request for Ushahidi security vulnerability 2012-008
From: Robbie Mackay <robbie () ushahidi com>
Date: Fri, 30 Nov 2012 13:09:11 +1300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The following vulnerability was found in Ushahidi and fixed in the Ushahidi 2.6.1 release. Could you please assign a CVE? Forgotten password challenges were guessable based on users last login and email address. The issue was discovered by Timothy D. Morgan Security advisory: http://ushahidi.com/index.php/security/alert/sa-web-2012-008 Issue: https://github.com/ushahidi/Ushahidi_Web/issues/646 Commit: https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e - -- Robbie Mackay Software Developer, External Projects Ushahidi Inc e: robbie () ushahidi com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQEcBAEBAgAGBQJQt/kmAAoJEKnxsxigzOTXkQwH/izEngpyMz20xT7rXR6XKIsI soyPHtDYhrAao+8MbqorqkUYH0PELJ5F3mevo1StKx05oDrHfIjdGq7OqM6/BSeS 1skF3H9o0D6bPD2pDlva/F1yCST9fEnhru6Tn8pcKyJeZK82zLlo669KDs8AcFOX 0pifIa/Bv6zhGzbiRRQrF/JfQm/a5VARfOy2CZgAi5+ee6L+4/lizt5q51QMflGd COCbRh6gq7ORWCguoE36keWWgCc4D+ducq2zkGvwfbnBuZrwbJZOh4rEiYphCAR5 i2XIh8MXt8gppMKE4ewpKcrW6hUnmVBYn5gMfqRrB3IkUBjFtTFDK2xCwaTcEzM= =4a/A -----END PGP SIGNATURE-----
Current thread:
- CVE request for Ushahidi security vulnerability 2012-008 Robbie Mackay (Nov 29)
- Re: CVE request for Ushahidi security vulnerability 2012-008 Kurt Seifried (Dec 03)