[Wine] WineHQ database compromise

Conan Kudo (ニール・ゴンパ) ngompa13 at gmail.com
Tue Oct 11 17:37:49 CDT 2011


On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh at iswifter.net> wrote:

> On Oct 11, 2011, at 12:13 PM, Jeremy White wrote:
>
> > Unfortunately, the attackers were able to download the full login
> > database for both the appdb and bugzilla.  This means that they have all
> > of those emails, as well as the passwords.  The passwords are stored
> > encrypted, but with enough effort and depending on the quality of the
> > password, they can be cracked.
> >
> > This, I'm afraid, is a serious threat; it means that anyone who uses the
> > same email / password on other systems is now vulnerable to a malicious
> > attacker using that information to access their account.
>
> Since bugzilla passwords were sent in cleartext anyway, I sincerely hope
> none of them were otherwise valuable.  (Remember FireSheep?)
>
> Josh
>
>
Wait, what? Bugzilla sends passwords in cleartext? That isn't very smart...
Is there no way to replace this with some sort of client based hashing or
something?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-users/attachments/20111011/a513680e/attachment.html>


More information about the wine-users mailing list