oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request for Ushahidi security vulnerability 2012-008

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 03 Dec 2012 18:54:27 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/29/2012 05:09 PM, Robbie Mackay wrote:

The following vulnerability was found in Ushahidi and fixed in the 
Ushahidi 2.6.1 release. Could you please assign a CVE?

Forgotten password challenges were guessable based on users last
login and email address. The issue was discovered by Timothy D.
Morgan

Security advisory: 
http://ushahidi.com/index.php/security/alert/sa-web-2012-008 Issue:
https://github.com/ushahidi/Ushahidi_Web/issues/646 Commit: 
https://github.com/ushahidi/Ushahidi_Web/commit/e8c7ecd42818c331db8945d20f8b1865bc6d157e


Please



use CVE-2012-5618 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQvVfTAAoJEBYNRVNeJnmTEgwQAMLxqwtmfaDpA0MoKwyshVzq
sKxABl1CT/OzCB1vaksMT4Y7UhwH09I140QwxpBBIzvaLskagbucFLT1fwO4nInk
Wu2DMslTOpm0QdklyGykiKy2WgsZgNn3Qkj6lR8nsJEaAtlIPeEv3mT4hLxJx1MU
If39EqS3EFcuqkj0duRtwgUiN9a54j7cMvcuy3RcKSpZZXcZdMLJS73n6DcHk0vh
tzmkkRpd8s6AgWreQG43piDFPM7aaQwCfd0v0jMFrCq+BOsnlZ7Pbf0zkpXwH4s1
sixz+8UtjIkzjp+dOd5jOAjmGirbYq4V96sp1hEu258Cm+LRpfdxOqUcVrxUXQEp
WbrMNpyK0f2rC9f64wKgHAeaEAoKslvF1QY6c9QXbzqW1EUFAwpxDAO3c4CZ4W3P
vRZDPOsD2CVRkSFKWuHKv/pMa1h0ltuyxDNf0QNiScb5o9sGGYntCTcbVs/DNjmq
8qWoRvxCkxt3gSqJI+/GIJbHDtwoVDrkMKWJsqhpF7Q5iSIrONM3HdllAJCbqV90
F/FdOvwZMe39T9I4XRLzwWhybPsTnq2Gq5GcQexdcUN3iXBvAA3fylOs93ifLhkY
+A9o3D8gklAAeIHPjYzahtqhu/UjnN7qPJVO9VjL9I5A78UwYcsR4FEMEt6uLNTu
ronBQc3q3iSnDO21mxLj
=8LN/
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: