Open SUSE forums attacked
Posted by: Timothy Weaver on 01/08/2014 05:10 PM
[
Comments
]
V-Bulletin software was hacked using a zero day flaw resulting in the openSUSE’s public forums being compromised. Tens of thousands of user email addresses were exposed.
A blog post stated the following:
"Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password."
Because of the attack, OpenSUSE has temporarily closed the forums until a workaround could be produced.
A blog post stated the following:
"Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password."
Because of the attack, OpenSUSE has temporarily closed the forums until a workaround could be produced.
Comments
