1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Memory
  5. Motherboards
  6. Processors
  7. Software
  8. Storage
  9. Operating Systems


Facebook RSS Twitter Twitter Google Plus


Phoronix Test Suite

OpenBenchmarking.org

Fedora's Account System Faces Security Issue

Fedora

Published on 09 May 2013 01:07 PM EDT
Written by Michael Larabel in Fedora
Comment On This Article

Two years after the Fedora Account System (FAS) upped its security, an announcement has been made today that they have discovered a security vulnerability in their system that dates back to 2008.

Robyn Bergeron announced the issue this morning and it's a bug that could expose salted SHA512 encrypted passwords, plain-text security questions, encrypted answers, and other potential private account data from the Fedora Account System.

For exploiting the bug, a valid FAS account user would need to go log into a valid account, go to a group with unapproved members, and then manipulate the URL to get a JSON version of the account data for unapproved members in the list. The bug originated in 2008 while a hot-fix has now been deployed.

In reviewing their server logs they don't believe their production account system was ever exploited maliciously by this issue, but they are unable to confirm whether or not the staging version of FAS has been compromised. As a result, they suggest all Fedora FAS users change their private account information.

Full details on the Fedora Announce List.

Latest Linux Hardware Reviews
  1. Overclocking The AMD AM1 Athlon & Sempron APUs
  2. AMD Athlon 5350 / 5150 & Sempron 3850 / 2650
  3. Upgraded Kernel & Mesa Yield A Big Boost For Athlon R3 Graphics
  4. AMD Athlon 5350 APU On Linux
Latest Linux Articles
  1. Are AMD Athlon/Sempron APUs Fast Enough For Steam On Linux?
  2. AMD Athlon's R3 Graphics: RadeonSI Gallium3D vs. Catalyst
  3. GCC 4.9 Compiler Optimization Benchmarks For Faster Binaries
  4. DDR3 Memory Scaling Performance With AMD's Athlon 5350
Latest Linux News
  1. Intel Broadwell GT3 Graphics Have Dual BSD Rings
  2. Early Linux 3.15 Benchmarks Of Intel Core i7 + Radeon
  3. Red Hat Releases Its RHEL 7 Release Candidate
  4. New Features Coming To Xubuntu 14.04 LTS
  5. NVIDIA Officially Releases CUDA 6
  6. Google Releases An AutoFDO Converter For Perf In LLVM
  7. Fedora 21 To Evaluate Remote Journal Logging, 64-bit ARM Emulation
  8. Star Citizen Will Be Coming To Linux
  9. Ubuntu 14.10 Convergence To Focus On Replacing Core Apps
  10. The Results Of Optimizing Radeon's VRAM Behavior
  11. Kernel Developers Discuss Improving Kernel Configurations
  12. Apple, LLVM Developers Figure Out Their 64-Bit ARM Approach
Latest Forum Discussions
  1. The GNOME Foundation Is Running Short On Money
  2. Linux Kernel Developers Fed Up With Ridiculous Bugs In Systemd
  3. Bye bye BSD, Hello Linux: A Sys Admin's Story
  4. New tool for undervolt/overclock AMD K8L and K10 processors
  5. How to enable opengl 3.3 on r9 270?
  6. R290x sound problems
  7. radeon-profile: tool for changing profiles and monitoring some GPU parameters
  8. Torvalds Is Unconvinced By LTO'ing A Linux Kernel