Hi Joey, * Joey Hess <[EMAIL PROTECTED]> [2008-05-31 00:22]: [...] > I'm unhappy to report a nasty security hole in ikiwiki. If both openid > and passwordauth plugins are enabled (the default configuration), anyone > can log in as any openid that has previously logged into the wiki and > does not have a password set.
Ouch :/ [...] > Debian testing security team: Could you please get a CVE for this issue? Done, I'll update this bug report as soon as I got one. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpIW32Pd7pUd.pgp
Description: PGP signature
