Login-Issue after Upgrade
hi all,
after upgrading to 4305 the login failed; authlog tables shows "Logged In" and at the same timestamp "Authentication Failure". User / Password is correct.
Br, Patrick
-- ConnectingBytes GmbH - "www.kambach.net" | In der Steele 35, 40599 Düsseldorf, Germany | Telefon: 0800 / 900 2580 - 1, Fax: 0800 / 900 2580 - 2 | Email: pkambach@kambach.net | Web: http://www.kambach.net | Geschäftsführer: Patrick Kambach | Amtsgericht Düsseldorf, HRB 60009 | Ust-IdNr.: DE815028832, Steuernummer: 106/5736/0037
Same problem here - had to revert back to an earlier release to be able to login again. Now running the 4302 build again.
Chris
On Mon, Aug 19, 2013 at 10:55 AM, Patrick Kambach <pkambach@kambach.net> wrote:
hi all,
after upgrading to 4305 the login failed; authlog tables shows "Logged In" and at the same timestamp "Authentication Failure". User / Password is correct.
Br, Patrick
hi!
With 4307 it's working again for me.
Br, Patrick
On 19.08.2013 19:17, Chris Stone wrote:
Same problem here - had to revert back to an earlier release to be able to login again. Now running the 4302 build again.
Chris
-- Chris Stone, AxisInternet, Inc., www.axint.net
Working for me again as well on build 4307
Chris
On Mon, Aug 19, 2013 at 11:24 AM, Patrick Kambach <pkambach@kambach.net> wrote:
hi!
With 4307 it's working again for me.
Br, Patrick
Hi,
I've done a bit of rewriting of the authentication system. At first it wasn't properly authing for everyone, but that's fixed now.
You should all upgrade, it's quite an important update that fixes a pretty nasty security problem :)
Thanks, adam.
On 2013-08-19 17:55, Patrick Kambach wrote:
hi all,
after upgrading to 4305 the login failed; authlog tables shows "Logged In" and at the same timestamp "Authentication Failure". User / Password is correct.
Br, Patrick
* Adam Armstrong adama@memetic.org [2013-08-19 22:09]:
Hi,
I've done a bit of rewriting of the authentication system. At first it wasn't properly authing for everyone, but that's fixed now.
You should all upgrade, it's quite an important update that fixes a pretty nasty security problem :)
Which one? The one you first tried to silently fix in the 4304 revision together with some other 90 files?
r4304 "print_r() -> print_vars() which calls print_r or r()/rt() depending upon environment. new remember me function (this is super important)"
Hm, it doesn't mention a security problem but nonetheless, saving the password in the session and also in a cookie is probably not the best idea, yes...
setcookie("password", $_SESSION['password'], time()+60*60*24*100, "/");
http://fisheye.observium.org/browse/Observium/html/includes/authenticate.inc...
So we come to quality checks again...
Seriously, reconsider your release strategy and the way you inform people about problems that could impact their security, please.
Sebastian
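For contrast with the `setcookie("password", ...)` line quoted in the message above, here is a remember-me cookie that carries a random single-use token instead of the password. This is an added example, not part of the thread and not Observium's code; the function names, the `remember` cookie name and the `$store` array (standing in for a database table) are hypothetical, and it assumes PHP 7.3 or later.

```php
<?php
// Added example; function names and the $store array (standing in for a
// database table) are hypothetical. Requires PHP 7.3+ for setcookie() options.
const REMEMBER_TTL = 60 * 60 * 24 * 100; // the 100-day lifetime from the quoted line

function issue_remember_token(int $userId, array &$store): string
{
    $selector  = bin2hex(random_bytes(9));  // lookup key, not secret
    $validator = bin2hex(random_bytes(32)); // secret, exists only in the cookie
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator), // server stores only a hash
        'expires' => time() + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;
}

function check_remember_token(string $cookie, array &$store): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]); // single use: issue a fresh token after success
    if ($row['expires'] < time()) {
        return null;
    }
    // Constant-time comparison against the stored hash.
    $ok = hash_equals($row['hash'], hash('sha256', $validator));
    return $ok ? $row['user_id'] : null;
}

function send_remember_cookie(string $value): void
{
    setcookie('remember', $value, [
        'expires'  => time() + REMEMBER_TTL,
        'path'     => '/',
        'secure'   => true,  // sent over HTTPS only
        'httponly' => true,  // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Constructed demonstration with an in-memory store.
$store  = [];
$cookie = issue_remember_token(42, $store);
var_dump(check_remember_token($cookie, $store)); // first presentation
var_dump(check_remember_token($cookie, $store)); // same token presented again
```

A cookie stolen under this scheme can be revoked by deleting its row, and it never discloses the account password.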
I now am unable to log in at all, so it's been made very secure indeed. ;)
Install php5-mcrypt / php-mcrypt.
adam.
On 2013-08-20 00:24, David Brodbeck wrote:
I now am unable to log in at all, so it's been made very secure indeed. ;)
--
David Brodbeck, System Administrator, Linguistics, University of Washington. GPG key fingerprint: 0DB7 4B50 8910 DBC5 B510 79C4 3970 2BC3 2078 D875
Still no good, but Observium isn't critical at our site, so I've made a note to look at the server error log later. Since I'm automatically following the latest SVN release, I kind of expect it to break every so often.
On Mon, Aug 19, 2013 at 3:27 PM, Adam Armstrong adama@memetic.org wrote:
Install php5-mcrypt / php-mcrypt.
adam.
Friendly reminder: if you install php modules you have to restart apache.. :-)
On 20/08/2013 0:47, David Brodbeck wrote:
Still no good, but Observium isn't critical at our site, so I've made a note to look at the server error log later. Since I'm automatically following the latest SVN release, I kind of expect it to break every so often.
Is it still stuck at some previous broken revision?
If it's broken for you, it'll likely be broken for someone else too, so we'd like to fix it :)
adam.
On 2013-08-20 00:47, David Brodbeck wrote:
Still no good, but Observium isn't critical at our site, so I've made a note to look at the server error log later. Since I'm automatically following the latest SVN release, I kind of expect it to break every so often.
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (6)
- Adam Armstrong
- Chris Stone
- David Brodbeck
- Patrick Kambach
- Sebastian Wiesinger
- Tom Laermans