Bacula-users

Re: [Bacula-users] Mantis bacula bugs has disappeared (like empty database)

2017-04-17 16:20:27
Subject: Re: [Bacula-users] Mantis bacula bugs has disappeared (like empty database)
From: Wanderlei Huttel <wanderleihuttel AT gmail DOT com>
To: Josip Deanovic <djosip+news AT linuxpages DOT net>
Date: Mon, 17 Apr 2017 17:19:28 -0300
But there's no backup of Mantis Database?

Best regards

Wanderlei Hüttel

2017-04-17 16:15 GMT-03:00 Josip Deanovic <djosip+news AT linuxpages DOT net>:
On Monday 2017-04-17 20:19:17 Kern Sibbald wrote:
> Hello,
>
> All the tables are good.  However someone emptied it.
>
> I think this is the command that did it.
>
> 37.123.133.148 - - [16/Apr/2017:09:19:39 +0100] "POST
> /manage_proj_delete.php HTTP/1.1" 200 504
>
> Any comments?

I think I found the source of the problem:
https://www.mantisbt.org/bugs/view.php?id=22739
https://www.mantisbt.org/bugs/view.php?id=22690

In short: "attackers can hijack accounts if only supplying the user
ID and username".

Date Submitted: 2017-04-08 10:07
Fixed in Version: 1.3.10
It seems that the same goes for 2.3.1.

--
Josip Deanovic

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
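
A defender reviewing the same web server log can pull out requests like the one quoted in the thread and list what that client did just before them. This is an added example, not part of the original messages and not Bacula or MantisBT code; the sample log lines are constructed, and the watch list, the "status below 400" rule and the 30-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Apache common/combined log prefix: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Script name taken from the log line quoted in the thread; extend for your install.
WATCHED = {"manage_proj_delete.php"}

# Constructed sample log (documentation-range addresses), not real data.
SAMPLE = """\
198.51.100.7 - - [16/Apr/2017:09:01:12 +0100] "GET /view_all_bug_page.php HTTP/1.1" 200 8120
192.0.2.44 - - [16/Apr/2017:09:17:02 +0100] "GET /login_page.php HTTP/1.1" 200 2210
192.0.2.44 - - [16/Apr/2017:09:18:40 +0100] "GET /manage_proj_page.php HTTP/1.1" 200 5133
192.0.2.44 - - [16/Apr/2017:09:19:39 +0100] "POST /manage_proj_delete.php HTTP/1.1" 200 504
198.51.100.7 - - [16/Apr/2017:09:25:00 +0100] "POST /manage_proj_delete.php HTTP/1.1" 403 310
garbage line that does not parse
""".splitlines()

def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
            rec["status"] = int(rec["status"])
            yield rec

def destructive_posts(lines, watched=WATCHED):
    """POSTs to a watched script that the server did not reject (status < 400)."""
    def script(path):
        return path.split("?", 1)[0].rsplit("/", 1)[-1]
    return [r for r in parse(lines)
            if r["method"] == "POST" and script(r["path"]) in watched and r["status"] < 400]

def lead_up(hit, lines, minutes=30):
    """Earlier requests from the same client inside the window, oldest first."""
    start = hit["time"] - timedelta(minutes=minutes)
    prior = [r for r in parse(lines)
             if r["host"] == hit["host"] and start <= r["time"] < hit["time"]]
    return sorted(prior, key=lambda r: r["time"])

if __name__ == "__main__":
    for hit in destructive_posts(SAMPLE):
        print(f'{hit["time"].isoformat()} {hit["host"]} POST {hit["path"]} -> {hit["status"]}')
        for r in lead_up(hit, SAMPLE):
            print(f'    earlier: {r["time"]:%H:%M:%S} {r["method"]} {r["path"]} {r["status"]}')
```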
