Important Newscoop security announcement - requires immediate action.
-
We were made aware of a Newscoop vulnerability just before 1200 CEST today (Thursday Dec 6th 2012). This potentially affects all users of Newscoop 3.5.0 up to Newscoop 4.0.2.
The vulnerability exploits the Admin interface’s password restore. Exploitation of this allows attackers to gain Admin access to the site, so immediate action is required.
This quick failsafe fix should be applied immediately.
How To
1) Login into Newscoop
2) Configure > System Preferences
3) Set ‘Allow password recovery’ to No
This vulnerability does not affect those who already had set Allow password recovery to No.
All Sourcefabric customers are already protected and need to take no action.
If you are unsure of how to apply this fix or whether you affected, please mail contact AT sourcefabric DOT org immediately.
We’re working on a update patch and will let you know here as soon as it is ready. Please subscribe to this forum via mail or follow @Sourcefabric for updates.Thanks, Adam -
1 Comment sorted by
-
This is now fixed by Newscoop 4.0.3.
This discussion has been closed.
All Discussions Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
- All Discussions8,397
- Sourcefabric
- ↳ Announcements25
- Newscoop
- ↳ Newscoop Support2,189
- ↳ Newscoop Development722
- ↳ Newscoop Security13
- ↳ Newscoop Documentation17
- ↳ Newscoop Themes69
- Airtime
- ↳ Airtime Support3,139
- ↳ Airtime Development1,286
- ↳ Airtime Français146
- ↳ Airtime Documentation14
- ↳ Airtime Hacks102
- ↳ Promote your station!37
- ↳ Airtime Security11
- Booktype
- ↳ Booktype Support277
- ↳ Booktype Development55
- ↳ Booktype Documentation7
- Superdesk
- ↳ Superdesk Development264
- ↳ Web Publisher21
Poll
No poll attached to this discussion.Top Posters
-
Albert FR
1978
-
Martin Konecny
1860
-
Andrey Podshivalov
1526
-
Voisses Tech
1423
-
John Chewter
899
-
Daniel James
844
-
Roger Wilco
784
-
hoerich
627
-
Paul Baranowski
389
-
Cliff Wang
339