oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request for Ushahidi security vulnerability 2012-008

From: Robbie Mackay <robbie () ushahidi com>
Date: Fri, 30 Nov 2012 13:09:11 +1300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The following vulnerability was found in Ushahidi and fixed in the
Ushahidi 2.6.1 release.
Could you please assign a CVE?

Forgotten password challenges were guessable based on users last login
and email address.
The issue was discovered by Timothy D. Morgan

Security advisory:
http://ushahidi.com/index.php/security/alert/sa-web-2012-008
Issue: https://github.com/ushahidi/Ushahidi_Web/issues/646
Commit:
https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e

- -- 
Robbie Mackay

Software Developer, External Projects
Ushahidi Inc
e: robbie () ushahidi com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQt/kmAAoJEKnxsxigzOTXkQwH/izEngpyMz20xT7rXR6XKIsI
soyPHtDYhrAao+8MbqorqkUYH0PELJ5F3mevo1StKx05oDrHfIjdGq7OqM6/BSeS
1skF3H9o0D6bPD2pDlva/F1yCST9fEnhru6Tn8pcKyJeZK82zLlo669KDs8AcFOX
0pifIa/Bv6zhGzbiRRQrF/JfQm/a5VARfOy2CZgAi5+ee6L+4/lizt5q51QMflGd
COCbRh6gq7ORWCguoE36keWWgCc4D+ducq2zkGvwfbnBuZrwbJZOh4rEiYphCAR5
i2XIh8MXt8gppMKE4ewpKcrW6hUnmVBYn5gMfqRrB3IkUBjFtTFDK2xCwaTcEzM=
=4a/A
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: