[Wine] WineHQ database compromise
Austin English
austinenglish at gmail.com
Tue Oct 11 17:48:37 CDT 2011
2011/10/11 Josh Juran <josh at iswifter.net>:
> On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote:
>
>> On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh at iswifter.net> wrote:
>>
>>> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope none of them were otherwise valuable. (Remember FireSheep?)
>>
>> Wait, what? Bugzilla sends passwords in cleartext? That isn't very smart... Is there no way to replace this with some sort of client based hashing or something?
>
> To clarify, your browser sends your password to bugzilla in cleartext, since HTTPS isn't an option.
>
> Firesheep was a lesson that even once passwords are secure, session credentials are still vulnerable to sniffing. Some sites went to HTTPS-only sessions after that.
http://bugs.winehq.org/show_bug.cgi?id=23791
--
-Austin
More information about the wine-devel
mailing list