In association with heise online

01 December 2010, 12:58

Savannah software forge compromised


Savannah, the open source software forge run by the GNU Project, is currently down following an SQL injection attack. According to a notice on the site, the attack led to the "leaking of encrypted account passwords, some of them discovered by brute-force attack, leading in turn to project membership access".

The developers say that "While effort was made in the past to fix injection vulnerabilities in the Savane 2 legacy code base, it appears this was not enough", adding that they're currently in the process of reinstalling the system and restoring the data from a backup from the 23rd of November. All changes between the 23rd and the 27th will be audited to see exactly what was compromised.

An update from early this morning notes that, after looking through all of the logs, it appears that there was no other account cracking. An online monitor is available for users interested in the current status of the site.
