Re: [Bacula-users] Mantis bacula bugs has disappeared (like empty database)

Wanderlei Huttel Mon, 17 Apr 2017 13:25:10 -0700

But there's no backup of Mantis Database?

Best regards


*Wanderlei Hüttel*
http://www.huttel.com.br

2017-04-17 16:15 GMT-03:00 Josip Deanovic <djosip+n...@linuxpages.net>:

> On Monday 2017-04-17 20:19:17 Kern Sibbald wrote:
> > Hello,
> >
> > All the tables are good.  However someone emptied it.
> >
> > I think this is the command that did it.
> >
> > 37.123.133.148 - - [16/Apr/2017:09:19:39 +0100] "POST
> > /manage_proj_delete.php HTTP/1.1" 200 504
> >
> > Any comments?
>
> I think I found the source of the problem:
> https://www.mantisbt.org/bugs/view.php?id=22739
> https://www.mantisbt.org/bugs/view.php?id=22690
>
> In short: "attackers can hijack accounts if only supplying the user
> ID and username".
>
> Date Submitted: 2017-04-08 10:07
> Fixed in Version: 1.3.10
> It seems that same goes for 2.3.1.
>
> --
> Josip Deanovic
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users

Re: [Bacula-users] Mantis bacula bugs has disappeared (like empty database)

Reply via email to