Re: [Bacula-users] Mantis bacula bugs has disappeared (like empty database)
2017-04-17 15:16:21
On Monday 2017-04-17 20:19:17 Kern Sibbald wrote:
> Hello,
>
> All the tables are good. However someone emptied it.
>
> I think this is the command that did it.
>
> 37.123.133.148 - - [16/Apr/2017:09:19:39 +0100] "POST
> /manage_proj_delete.php HTTP/1.1" 200 504
>
> Any comments?
I think I found the source of the problem:
https://www.mantisbt.org/bugs/view.php?id=22739
https://www.mantisbt.org/bugs/view.php?id=22690
In short: "attackers can hijack accounts if only supplying the user
ID and username".
Date Submitted: 2017-04-08 10:07
Fixed in Version: 1.3.10
It seems that the same goes for 2.3.1.
--
Josip Deanovic
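
Added example (not part of the original messages, and not Bacula or MantisBT code): one way to pull requests like the one quoted above out of an Apache access log, together with what the same client did shortly beforehand. The sample log lines, the documentation-range IP addresses and the 30-minute lookback window are constructed assumptions; only the `manage_proj_delete.php` path comes from the thread.

```python
import re
from datetime import datetime, timedelta

# Apache common log format: host ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Endpoint taken from the log line quoted in the thread.
DESTRUCTIVE = {"/manage_proj_delete.php"}
# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE = [
    '198.51.100.20 - - [16/Apr/2017:09:01:02 +0100] "GET /view.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [16/Apr/2017:09:10:11 +0100] "GET / HTTP/1.1" 200 2300',
    '203.0.113.7 - - [16/Apr/2017:09:18:40 +0100] "POST /manage_proj_delete.php HTTP/1.1" 403 310',
    '203.0.113.7 - - [16/Apr/2017:09:19:39 +0100] "POST /manage_proj_delete.php HTTP/1.1" 200 504',
    'garbage line',
]

def parse(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    rec["status"] = int(rec["status"])
    return rec

def find_deletions(lines, lookback=timedelta(minutes=30)):
    """Return [(hit, earlier requests from the same IP)] for accepted destructive POSTs."""
    records = [r for r in map(parse, lines) if r]
    results = []
    for hit in records:
        if not (hit["method"] == "POST" and hit["path"] in DESTRUCTIVE and hit["status"] < 400):
            continue
        context = [
            r for r in records
            if r["ip"] == hit["ip"] and hit["ts"] - lookback <= r["ts"] < hit["ts"]
        ]
        results.append((hit, context))
    return results

if __name__ == "__main__":
    for hit, context in find_deletions(SAMPLE):
        print("destructive request:", hit["ip"], hit["ts"].isoformat(), hit["path"])
        for r in context:
            print("  earlier:", r["ts"].isoformat(), r["method"], r["path"], r["status"])
```

The earlier requests from the same address are what show how the session behind the deletion was obtained, so they are worth preserving alongside the hit itself.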