Dangerous users


Started by Fréderic, October 10, 2004, 09:25:40 PM


Fréderic

Is it possible in any way (don't tell in which way) a user can get a password / delete tables / delete files in a CM gallery? I've received the notice that a suspicious user has been registered... Are there any security holes known in CM 1.3.2?

Thanks!

kegobeer

There are no known security issues with the standalone version of Coppermine.

Joachim Müller

The recommendations that apply to almost every other app apply to Coppermine as well:
- your password should be able to stand dictionary attacks: it mustn't be a name or word from a dictionary (not in reverse order either), it mustn't be a string of chars that are next to each other on the keyboard or form a certain pattern
- your password should be able to stand brute force attacks (alphanumeric with upper and lower case letters, 8 characters long)
- you should change your admin password frequently

What exactly makes you think a dangerous person has registered? Is it just the username he/she has chosen? I wouldn't be afraid of some wannabe hacker script kiddy, calling itself SiNiStEr_HaCkEr or with a similar stupid attitude... ;D

Joachim
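
The password checks listed in the post above, as an added example that is not part of the original thread or of Coppermine's code. The word list, the run length of 4 and all function names are assumptions chosen for illustration; a real check would load a full dictionary file.

```python
import re

# Constructed sample word list (assumption); replace with a real dictionary file.
SAMPLE_WORDS = {"password", "dragon", "monkey", "gallery", "joachim", "coppermine"}
# QWERTY rows plus digit and alphabet runs, used to spot adjacent-key strings.
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "abcdefghijklmnopqrstuvwxyz"]


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` consecutive keys of one row, in either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def has_repeating_pattern(pw):
    """True if the whole password is one short unit repeated ('abab', 'aaaa')."""
    return re.fullmatch(r"(.{1,4})\1+", pw) is not None


def password_problems(pw, words=SAMPLE_WORDS):
    """Return the rules from the post that pw fails (empty list means it passes)."""
    problems = []
    # Strip digits/symbols from both ends so 'Dragon1' still matches 'dragon'.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    if core in words or core[::-1] in words:
        problems.append("dictionary word or name (possibly reversed)")
    if has_keyboard_run(pw):
        problems.append("adjacent keyboard characters")
    if has_repeating_pattern(pw):
        problems.append("repeating pattern")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)
            and re.search(r"\d", pw)):
        problems.append("needs upper case, lower case and digits")
    return problems
```

Calling `password_problems()` when an account password is set or changed returns the list of failed rules, which can be shown to the user before the password is accepted.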