Bacula-users

Re: [Bacula-users] Mantis bacula bugs has disappeared (like empty database)

2017-04-17 15:16:21
Subject: Re: [Bacula-users] Mantis bacula bugs has disappeared (like empty database)
From: Josip Deanovic <djosip+news AT linuxpages DOT net>
To: bacula-users AT lists.sourceforge DOT net
Date: Mon, 17 Apr 2017 21:15:33 +0200
On Monday 2017-04-17 20:19:17 Kern Sibbald wrote:
> Hello,
> 
> All the tables are good.  However someone emptied it.
> 
> I think this is the command that did it.
> 
> 37.123.133.148 - - [16/Apr/2017:09:19:39 +0100] "POST /manage_proj_delete.php HTTP/1.1" 200 504
> 
> Any comments?

I think I found the source of the problem:
https://www.mantisbt.org/bugs/view.php?id=22739
https://www.mantisbt.org/bugs/view.php?id=22690

In short: "attackers can hijack accounts if only supplying the user
ID and username".

Date Submitted: 2017-04-08 10:07
Fixed in Version: 1.3.10
It seems that the same goes for 2.3.1.

-- 
Josip Deanovic
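
Added example (not part of the original message, and not code from the Bacula or MantisBT projects): one way to pull every POST to /manage_proj_delete.php out of a Common Log Format access log, together with the same client's preceding requests, so the session leading up to it can be reviewed. The sample log lines are constructed, and the paths in them other than manage_proj_delete.php and view.php are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format, the format of the line quoted in the thread.
CLF = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')
TARGET = "/manage_proj_delete.php"  # endpoint named in the thread

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
198.51.100.7 - - [16/Apr/2017:09:17:02 +0100] "GET /login_page.php HTTP/1.1" 200 2110
192.0.2.10 - - [16/Apr/2017:09:17:40 +0100] "GET /view.php?id=12 HTTP/1.1" 200 8123
198.51.100.7 - - [16/Apr/2017:09:18:11 +0100] "POST /login.php HTTP/1.1" 302 0
198.51.100.7 - - [16/Apr/2017:09:18:30 +0100] "GET /manage_proj_page.php HTTP/1.1" 200 5120
198.51.100.7 - - [16/Apr/2017:09:19:39 +0100] "POST /manage_proj_delete.php HTTP/1.1" 200 504
malformed line that the parser must skip
192.0.2.10 - - [16/Apr/2017:09:20:05 +0100] "GET /manage_proj_delete.php HTTP/1.1" 200 900
"""

def parse(line):
    """Return a dict for one CLF line, or None if the line does not parse."""
    m = CLF.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_deletions(log_text, context=5):
    """Flag non-error POSTs to TARGET with the client's last `context` requests."""
    history = defaultdict(list)   # ip -> earlier requests, oldest first
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        # The status alone does not prove a project was deleted; any POST
        # that was not rejected (2xx/3xx) is worth a manual look.
        if (rec["method"] == "POST" and rec["path"].split("?", 1)[0] == TARGET
                and rec["status"][0] in "23"):
            findings.append({"ip": rec["ip"], "time": rec["time"],
                             "before": history[rec["ip"]][-context:]})
        history[rec["ip"]].append(f'{rec["method"]} {rec["path"]} {rec["status"]}')
    return findings

if __name__ == "__main__":
    for hit in find_deletions(SAMPLE_LOG):
        print(hit["time"].isoformat(), hit["ip"], "<-", hit["before"])
```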
