Current time: 11-24-2024, 02:02 AM Hello There, Guest! (LoginRegister)


Post Reply 
ispCP Omega 1.0.5 Security Announcement II
Author Message
RatS Offline
Project Leader
******

Posts: 1,854
Joined: Oct 2006
Reputation: 17
Post: #1
Exclamation ispCP Omega 1.0.5 Security Announcement II
Dear all,

Today we discovered another potential fault, this time in the ispCP Omega Engine. This security fix only affects installations where DEBUG is switched on in ispcp.conf. By default this functionality is disabled, if you have not enabled it then this security announcement does not affect you.

The details of the security fix are, on Database backup the password for the ispCP database user is revealed and logged in clear text without obfuscation.

To secure your installation, it is recommended to either set DEBUG to 0 or use the
patch attached to ticket 2411.

We apologise for any inconvenience caused.
(This post was last modified: 07-31-2010 12:21 AM by BioALIEN.)
07-30-2010 08:20 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Messages In This Thread
ispCP Omega 1.0.5 Security Announcement II - RatS - 07-30-2010 08:20 AM
RE: ispCP Omega 1.0.5 Security Announcement II - Nuxwin - 07-30-2010, 06:01 PM

Forum Jump:


User(s) browsing this thread: 1 Guest(s)