donators

n@work Internet Informationssysteme GmbH
Your ad here

My iPhone Apps


Get PwGen now for FREE in AppStore

Get PwGen Pro in AppStore

support @ Amazon

If you like to support this site and you want to by something at Amazon, please use this link for purchasing your desired items. This does not cost you anything more than the normal price but I got a small revenue from your order.
Thank you!

Advertising

print page print page

typo3.org password leaked - CHANGE YOUR PASSWORDS

By: Thomas

14.11.08 13:40 Age: 232 days

Hello,

An unauthorized person gained administrative access to typo3.org backend due to a weak password of one of the backend users. The backend was NOT hacked as I wrote before.

All accounts are currently locked. Because of the single sign on solution, this also affects forge and bugs and some other domains. It's highly recommend to change all your passwords that might be similar to the password you used as your typo3.org account. To make it clear! This affects ALL frontend user accounts. Not only the backend users!

It's a really bad situation and even if the passwords where stored a md5 hashes. If you have very simple passwords (a single word for example) it is possible to get your password from a dictionary for example! So once again: 

CHANGE YOUR PASSWORDS IF THEY ARE SIMILAR TO THE TYPO3.ORG FE ACCOUNT!

 

Greets,
Thomas

 


Please leave a comment

Back to: Blog

2 Responses to “typo3.org password leaked - CHANGE YOUR PASSWORDS”

#1: Juergen Egeling commented on Saturday, 15-11-08 17:38

Gravatar: Juergen Egeling

Hi,
as far as we investigated, typo3.org was not hacked, but one password was exposed, and a person not allowed to use the backend was using a backend login. I recommend reading http://en.wikipedia.org/wiki/Social_engineering_(computer_security) and http://en.wikipedia.org/wiki/Password_policy (do not have the same pasword on two websites.)
best
Juergen


#2: Thomas commented on Saturday, 15-11-08 21:00

Gravatar: Thomas

Hi Jürgen,

yes you're right. The page was actually not hacked and I used an inappropriate wording. Changed that.

Greets,
Thomas


Leave a Reply

You have to activate JavaScript to post comments!

Calendar

November 2008
M T W T F S S
« Oct   Jan »
 12
3456789
10111213141516
17181920212223
24252627282930

Tagcloud

page security community installer personal t3board development TYPO3 podcast web

Latest comments

  • Hahnefeld

    Do you have some problems with your server or is it because of maintainance?

  • Hahnefeld

    I hope, my answers will help you for your statistics. Nice to meet you 2010!

  • Thomas

    Hi Peter, that is already fixed. :-) Greets, Thomas

  • Peter

    Hey, great & thanks. Hint: It should be T3DD10 in question 33, not T3DD09 ;-). Cheers, Peter

  • Doru

    I just updated the blog entry with the checkout command, see bottom of the page I posted in the last...

Blogroll

Advertising

Meta







Valid XHTML 1.0 Strict
Valid CSS!