[Critical] Security Hole #17
Assignees
Comments
ghost
assigned
DaneEveritt
added a commit
that referenced
this issue
Dec 6, 2013
DaneEveritt
added a commit
that referenced
this issue
Dec 6, 2013
DaneEveritt
added a commit
that referenced
this issue
Dec 6, 2013
DaneEveritt
added a commit
that referenced
this issue
Dec 6, 2013
|
This issue has been patched at the time of writing. We will continue to evaluate code to ensure it remains safe. |
|
This security hole was found to be a non-issue upon further review. All FTP accounts are given unique names and used to identify servers. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It has come to my attention that there is a critical security hole in the software. If you are currently running this installation on a server that people are able to access please disable it.
This bug occurs if two servers on the same node have the same name. The bug would allow for users to access data for the other server via the console and power options. This bug will be patched shortly. Until then you should disable the software or ensure that all servers have a unique name.
The text was updated successfully, but these errors were encountered: