|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2013-05-09 22:51:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Fedora account system (FAS) potential information disclosure
Fedora project leader Robyn Bergeron has announced an information disclosure bug in the Fedora account system that may have exposed certain types of information (hashed passwords, security questions and encrypted answers, etc.) from unapproved members. It has been present since 2008, but could only be exploited by authenticated users, furthermore:
Fedora project leader Robyn Bergeron has announced an information disclosure bug in the Fedora account system that may have exposed certain types of information (hashed passwords, security questions and encrypted answers, etc.) from unapproved members. It has been present since 2008, but could only be exploited by authenticated users, furthermore:
Review of logs has shown no cases where this bug was used in our
production account system, however our staging version was also
vulnerable and we are unable to confirm the information was not
accessed there. Moving forward, additional logging will be added to our
staging infrastructure.
We recommend (but do not require) that all users take this time to change their passwords, update their security questions/answers and review their other account information.
