1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Memory
  5. Motherboards
  6. Processors
  7. Software
  8. Storage
  9. Operating Systems


Facebook RSS Twitter Twitter Google Plus


Phoronix Test Suite

OpenBenchmarking.org

Fedora's Account System Faces Security Issue

Fedora

Published on 09 May 2013 01:07 PM EDT
Written by Michael Larabel in Fedora
Comment On This Article

Two years after the Fedora Account System (FAS) upped its security, an announcement has been made today that they have discovered a security vulnerability in their system that dates back to 2008.

Robyn Bergeron announced the issue this morning and it's a bug that could expose salted SHA512 encrypted passwords, plain-text security questions, encrypted answers, and other potential private account data from the Fedora Account System.

For exploiting the bug, a valid FAS account user would need to go log into a valid account, go to a group with unapproved members, and then manipulate the URL to get a JSON version of the account data for unapproved members in the list. The bug originated in 2008 while a hot-fix has now been deployed.

In reviewing their server logs they don't believe their production account system was ever exploited maliciously by this issue, but they are unable to confirm whether or not the staging version of FAS has been compromised. As a result, they suggest all Fedora FAS users change their private account information.

Full details on the Fedora Announce List.

Latest Linux Hardware Reviews
  1. Mini-Box M350: A Simple, Affordable Mini-ITX Case
  2. Overclocking The AMD AM1 Athlon & Sempron APUs
  3. AMD Athlon 5350 / 5150 & Sempron 3850 / 2650
  4. Upgraded Kernel & Mesa Yield A Big Boost For Athlon R3 Graphics
Latest Linux Articles
  1. Ubuntu 12.04.4 vs. 13.10 vs. 14.04 LTS Desktop Benchmarks
  2. AMD OpenCL Performance With AM1 Kabini APUs
  3. A Quick Look At GCC 4.9 vs. LLVM Clang 3.5
  4. Are AMD Athlon/Sempron APUs Fast Enough For Steam On Linux?
Latest Linux News
  1. Ubuntu 14.04 LTS "Trusty Tahr" Officially Released
  2. Ubuntu 12.04 LTS vs. 14.04 LTS Server Benchmarks
  3. QEMU 2.0 Released With ARM, x86 Enhancements
  4. Running The Unity 8 Preview Session On Ubuntu 14.04 LTS
  5. R600 Gallium3D Disables LLVM Back-End By Default
  6. Fedora 21 Gets GNOME 3.12, PHP 5.6, Mono 3.4
  7. Fedora Workstation Is Making Me Quite Excited
  8. Maynard: A Lightweight Wayland Desktop
  9. Chromium Browser Going Through Growing Pains In Ubuntu 14.04
  10. KDE 4.13 Is Being Released Today With New Features
  11. Trying Out Radeon R9 290 Graphics On Open-Source
  12. Intel Broadwell GT3 Graphics Have Dual BSD Rings
Latest Forum Discussions
  1. After Jack Keane, RuseSoft will briing Ankh 3 to Linux through Desura
  2. Updated and Optimized Ubuntu Free Graphics Drivers
  3. Suspected PHP Proxy Issue
  4. Linux Kernel Developers Fed Up With Ridiculous Bugs In Systemd
  5. The GNOME Foundation Is Running Short On Money
  6. Change installation destination from home directory
  7. Bye bye BSD, Hello Linux: A Sys Admin's Story
  8. New tool for undervolt/overclock AMD K8L and K10 processors