I reported this like 2 weeks ago ( https://trac.torproject.org/projects/tor/ticket/11545) depends on admins analysing this issue. El may 2, 2014 2:41 PM, "Nusenu" < bm-2d8wmevggvy76je1wxnpfo8srpzt5yg...@bitmessage.ch> escribió:
> > We learned on recently that there was a bug in our Trac setup that > allowed > > anyone to register a new user account for an existing user name, > overwriting > > the existing user's password and thereby taking over the account [0]. > > Has there been an analysis on how many accounts have been compromised > this way (and their email addresses changed)? > > When was this vulnerability introduced? > > > > However, it's still possible that somebody has taken over your account > in the > > past and you didn't notice because you didn't log in recently. We > recommend > > users try to login and if you find you are unable to do so, you can > reset your > > password here: https://trac.torproject.org/projects/tor/reset_password > > Not very helpful if the attacker changed the account's email address ;) > > > btw: Was there any specific reason to wait for 10 days after fixing this > issue before telling tor-talk about it? > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
