donators

n@work Internet Informationssysteme GmbH
Your ad here

My iPhone Apps


Get PwGen now for FREE in AppStore

Get PwGen Pro in AppStore

support @ Amazon

If you like to support this site and you want to by something at Amazon, please use this link for purchasing your desired items. This does not cost you anything more than the normal price but I got a small revenue from your order.
Thank you!

Advertising

print page print page

typo3.org password leaked - CHANGE YOUR PASSWORDS

By: Thomas

14.11.08 13:40 Age: 1 yrs

Hello,

An unauthorized person gained administrative access to typo3.org backend due to a weak password of one of the backend users. The backend was NOT hacked as I wrote before.

All accounts are currently locked. Because of the single sign on solution, this also affects forge and bugs and some other domains. It's highly recommend to change all your passwords that might be similar to the password you used as your typo3.org account. To make it clear! This affects ALL frontend user accounts. Not only the backend users!

It's a really bad situation and even if the passwords where stored a md5 hashes. If you have very simple passwords (a single word for example) it is possible to get your password from a dictionary for example! So once again: 

CHANGE YOUR PASSWORDS IF THEY ARE SIMILAR TO THE TYPO3.ORG FE ACCOUNT!

 

Greets,
Thomas

 


Please leave a comment

Back to: Blog

2 Responses to “typo3.org password leaked - CHANGE YOUR PASSWORDS”

#1: Juergen Egeling commented on Saturday, 15-11-08 17:38

Gravatar: Juergen Egeling

Hi,
as far as we investigated, typo3.org was not hacked, but one password was exposed, and a person not allowed to use the backend was using a backend login. I recommend reading http://en.wikipedia.org/wiki/Social_engineering_(computer_security) and http://en.wikipedia.org/wiki/Password_policy (do not have the same pasword on two websites.)
best
Juergen


#2: Thomas commented on Saturday, 15-11-08 21:00

Gravatar: Thomas

Hi Jürgen,

yes you're right. The page was actually not hacked and I used an inappropriate wording. Changed that.

Greets,
Thomas


Calendar

November 2008
M T W T F S S
« Oct   Jan »
 12
3456789
10111213141516
17181920212223
24252627282930

Tagcloud

podcast web community security TYPO3 development page installer t3board personal

Latest comments

  • Thomas

    It is! Please check the top left corner above the menu. :-) Greets, Thomas

  • Phlogi

    Could you activate the search function in doxygen? Thanks

  • Kristian

    Thanks, I have the same quicksilver setup as you describe and have just spend over an hour trying to...

  • Thomas

    Hi Gina, interesting way to contact me. ;-) Anyway, we the amazing number of 52 complete and 21 i...

  • gina

    hey thomas, shouldn't we close the survey now? could you have a look how many people took part? if ...

Blogroll

Advertising

Meta







Valid XHTML 1.0 Strict
Valid CSS!