Welcome to Geeklog Saturday, May 30 2020 @ 08:57 am EDT

Geeklog 1.3.8-1sr2

  • Tuesday, October 14 2003 @ 04:30 pm EDT
  • Contributed by:
  • Views: 11,963
Security

Following on the heels of 1.3.8-1sr1 is 1.3.8-1sr2, available as a (tiny) upgrade archive as well as a complete tarball.

Jouko Pynnonen found a way to trick the new "forgot password" feature, that was only introduced in 1.3.8, into letting an attacker change the password for any account. This release addresses this issue - there were no other changes.

Users of 1.3.7sr3 are not affected (as the feature simply didn't exist there).

bye, Dirk