[Bug 579942] Re: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud
** Changed in: eucalyptus Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/579942 Title: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud To manage notifications about this bug go to: https://bugs.launchpad.net/eucalyptus/+bug/579942/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 579942] Re: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud
** Branch linked: lp:ubuntu/eucalyptus -- User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud https://bugs.launchpad.net/bugs/579942 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 579942] Re: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud
This bug was fixed in the package eucalyptus - 1.6.2+bzr1230-0ubuntu1 --- eucalyptus (1.6.2+bzr1230-0ubuntu1) maverick; urgency=low [ Colin Watson ] * debian/eucalyptus-cloud.eucalyptus-cloud-publication.upstart: Only start after avahi-daemon has started. [ Dave Walker (Daviey) ] * Merge upstream branch, 1.6.2 (r1230) * Switch to dpkg-source 3.0 (quilt) format - Extracted the following patches from our bzr branch, into flat patches. * debian/build-jars: Replaced asm2 with asm3-all to match new groovy dependency. * clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/server/EucalyptusWebBackendImpl.java: - fix user enumeration and account brute force. Courtesy of Chris Cheney. (LP: #579942) * debian/eucalyptus-sc.upstart: Bump maximum number of loop devices for SC to 512. (LP: #586134) -- Dave Walker (Daviey)Mon, 14 Jun 2010 13:48:17 +0100 ** Changed in: eucalyptus (Ubuntu Maverick) Status: Triaged => Fix Released -- User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud https://bugs.launchpad.net/bugs/579942 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 579942] Re: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud
Please upload the lucid fix to maverick as soon as possible (SRU policy). Bumping priority. ** Changed in: eucalyptus (Ubuntu Maverick) Importance: Low => High ** Changed in: eucalyptus (Ubuntu Maverick) Milestone: None => maverick-alpha-2 -- User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud https://bugs.launchpad.net/bugs/579942 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 579942] Re: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud
This bug was fixed in the package eucalyptus - 1.6.2-0ubuntu30.2 --- eucalyptus (1.6.2-0ubuntu30.2) lucid-proposed; urgency=low * Revert: node/handlers_kvm.c: fix console bug (was only showing first 64K), LP: #566793 * clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/server/EucalyptusWebBackendImpl.java: - fix user enumeration and account brute force, LP: #579942 * debian/eucalyptus-sc.upstart: Bump maximum number of loop devices for SC to 512, LP: #586134 eucalyptus (1.6.2-0ubuntu30.1) lucid-proposed; urgency=low Address LP: #565101 * debian/eucalyptus.conf: set default JVM_MEM option * debian/eucalyptus-common.eucalyptus.upstart: use $JVM_MEM from eucalyptus.conf, or default to 512m * tools/eucalyptus.conf.5: document the JVM_MEM option Cherry-pick upstream commit r1223..1227: * node/handlers.c, node/handlers_kvm.c: handle situation where NC's do not detach pthreads, LP: #567371 * node/handlers_kvm.c: fix console bug (was only showing first 64K), LP: #566793 * clc/modules/storage-common/src/main/java/edu/ucsb/eucalyptus/storage/StorageManager.java, clc/modules/storage-common/src/main/java/edu/ucsb/eucalyptus/storage/fs/FileSystemStorageManager.java, clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusImageManager.java, clc/modules/walrus/src/main/java/edu/ucsb/eucalyptus/cloud/ws/WalrusManager.java, clc/modules/wsstack/src/main/java/com/eucalyptus/ws/handlers/ServiceSinkHandler.java: - fix Walrus OOM errors (java heap), LP: #565101 -- Chris CheneyFri, 04 Jun 2010 00:39:00 -0500 ** Changed in: eucalyptus (Ubuntu Lucid) Status: Fix Committed => Fix Released -- User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud https://bugs.launchpad.net/bugs/579942 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 579942] Re: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud
** Branch linked: lp:~davewalker/eucalyptus/maverick_to_quilt -- User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud https://bugs.launchpad.net/bugs/579942 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 579942] Re: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud
Confirmed to be fixed. The same error message is returned for either a bad userId or a bad password. ** Tags added: verification-done ** Tags removed: verification-needed -- User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud https://bugs.launchpad.net/bugs/579942 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 579942] Re: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud
** Branch linked: lp:ubuntu/lucid-proposed/eucalyptus -- User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud https://bugs.launchpad.net/bugs/579942 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 579942] Re: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud
Accepted into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! ** Changed in: eucalyptus (Ubuntu Lucid) Status: Triaged => Fix Committed ** Tags added: verification-needed -- User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud https://bugs.launchpad.net/bugs/579942 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 579942] Re: User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud
** Visibility changed to: Public -- User Enumeration and account brute force within Eucalyptus 1.6.2 for Enterprise Cloud https://bugs.launchpad.net/bugs/579942 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs