FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ikiwiki -- empty password security hole

Affected packages
1.34 <= ikiwiki < 2.47_1

Details

VuXML ID 09066828-2ef1-11dd-a0d8-0016d325a0ed
Discovery 2008-05-30
Entry 2008-05-31
Modified 2010-05-12

The ikiwiki development team reports:

This hole allowed ikiwiki to accept logins using empty passwords to openid accounts that didn't use a password.

Upgrading to a non-vulnerable ikiwiki version immediatly is recommended if your wiki allows both password and openid logins.

References

CVE Name CVE-2008-0169
URL http://ikiwiki.info/security/#index33h2