Re: Erlang cookie vulnerability
This has been moved to the appropriate mailing list secur...@couchdb.apache.org

Best
Jan
—

> On 18. Apr 2022, at 18:48, ermouth wrote:
>
> According to the author the issue is already filed. Also, according to the
> author, the CouchDB security team response was like ‘it gonna be fixed
> eventually, in future release’, which, as I understand, was anything but
> satisfying and resulted in publication.
>
> So it’s already widely public, and my post wasn’t about vulnerability.
>
> It was about ‘Shouldn’t that recommendation be emitted into the CouchDB
> installer?’.
>
> ermouth
>
>
> Mon, 18 Apr 2022 at 15:11, Jan Lehnardt:
>
>> Hi all,
>>
>> please follow the official and well documented guidelines for submitting
>> security related issues: https://docs.couchdb.org/en/stable/cve/index.html
>>
>> Thanks
>> Jan
>> —
>> Professional Support for Apache CouchDB:
>> https://neighbourhood.ie/couchdb-support/
>>
>> 24/7 Observation for your CouchDB Instances:
>> https://opservatory.app
>>
>>> On 18. Apr 2022, at 13:25, ermouth wrote:
>>>
>>> One very popular Russian IT resource published a well written description
>>> of a known Erlang cookie vulnerability – with a recipe on how to exploit it
>>> to gain control over Couch.
>>>
>>> Looks like the CouchDB manual isn’t very verbose about that issue, the
>>> only mention is a recommendation about protecting Erlang cookie if a user
>>> has 4369 open.
>>>
>>> Shouldn’t that recommendation be emitted into the CouchDB installer?
>>>
>>> ermouth
Re: Erlang cookie vulnerability
According to the author the issue is already filed. Also, according to the
author, the CouchDB security team response was like ‘it gonna be fixed
eventually, in future release’, which, as I understand, was anything but
satisfying and resulted in publication.

So it’s already widely public, and my post wasn’t about vulnerability.

It was about ‘Shouldn’t that recommendation be emitted into the CouchDB
installer?’.

ermouth

Mon, 18 Apr 2022 at 15:11, Jan Lehnardt:

> Hi all,
>
> please follow the official and well documented guidelines for submitting
> security related issues: https://docs.couchdb.org/en/stable/cve/index.html
>
> Thanks
> Jan
> —
> Professional Support for Apache CouchDB:
> https://neighbourhood.ie/couchdb-support/
>
> 24/7 Observation for your CouchDB Instances:
> https://opservatory.app
>
> > On 18. Apr 2022, at 13:25, ermouth wrote:
> >
> > One very popular Russian IT resource published a well written description
> > of a known Erlang cookie vulnerability – with a recipe on how to exploit it
> > to gain control over Couch.
> >
> > Looks like the CouchDB manual isn’t very verbose about that issue, the
> > only mention is a recommendation about protecting Erlang cookie if a user
> > has 4369 open.
> >
> > Shouldn’t that recommendation be emitted into the CouchDB installer?
> >
> > ermouth
Re: Erlang cookie vulnerability
Hi all,

please follow the official and well documented guidelines for submitting
security related issues: https://docs.couchdb.org/en/stable/cve/index.html

Thanks
Jan
—
Professional Support for Apache CouchDB:
https://neighbourhood.ie/couchdb-support/

24/7 Observation for your CouchDB Instances:
https://opservatory.app

> On 18. Apr 2022, at 13:25, ermouth wrote:
>
> One very popular Russian IT resource published a well written description
> of a known Erlang cookie vulnerability – with a recipe on how to exploit it
> to gain control over Couch.
>
> Looks like the CouchDB manual isn’t very verbose about that issue, the
> only mention is a recommendation about protecting Erlang cookie if a user
> has 4369 open.
>
> Shouldn’t that recommendation be emitted into the CouchDB installer?
>
> ermouth