imported>DrOwl m (deSpam) |
imported>mutante mNo edit summary |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 1:
November 26, 2004 (webmaster)
Durch einen bislang unbekannten [[TWiki]]-[[Exploit]] wurde unauthorisierter Zugriff
http://www.ccc.de/updates/2004/camp-server-hack?language=en
Line 8:
http://www.digitalsec.net/stuff/fun/CCC/
...The server has been used for hosting another [[TWiki]] installation after
the camp, but the organization crew left planet [[earth]] due to
[[extraterrestrial]] commitments and more or less forgot about its existence.
Our spanish colleagues succesfully broke into this machine, exploiting a
newly found bug in the [[TWiki]] [[software]], and published part of the stuff.
This includes personal registration data as well as [[crypt]] passwords for
Wiki users. While the
are susceptible to a dictionary attack. Therefore, these passwords must
be considered compromised, so we urge anybody who used the same password
for camp registration or TWiki and any other system to take appropriate
measures.
[[Category:Computer]]
[[Category:German]]
[[Category:English]]
[[Category:Hacking]]
[[Category:CCC]]
|
Latest revision as of 20:18, 23 October 2005
November 26, 2004 (webmaster) Durch einen bislang unbekannten TWiki-Exploit wurde unauthorisierter Zugriff für einige spanische Hackerkollegen auf CCC Server möglich. Dabei sind in Vergessenheit geratene Registrierungsdaten des Chaos Communication Camp 2003 veröffentlicht worden.
http://www.ccc.de/updates/2004/camp-server-hack?language=en
http://www.digitalsec.net/stuff/fun/CCC/ccc_and_cccs.txt
http://www.digitalsec.net/stuff/fun/CCC/
...The server has been used for hosting another TWiki installation after the camp, but the organization crew left planet earth due to extraterrestrial commitments and more or less forgot about its existence.
Our spanish colleagues succesfully broke into this machine, exploiting a newly found bug in the TWiki software, and published part of the stuff. This includes personal registration data as well as crypt passwords for Wiki users. While the passwords are not available in clear text, they are susceptible to a dictionary attack. Therefore, these passwords must be considered compromised, so we urge anybody who used the same password for camp registration or TWiki and any other system to take appropriate measures.