International conference of developers
and users of free / open source software

First security fix at lvee.org

May 27, 2009 11:34

First public-accessible vulnerability in the history of a new site engine was closed at May, 26.

The vulnerability was caused by incorrect settings of access rights for the personal profile editing. Demonstration of the vulnerability was accompanied by a delicate humor of one of the participants, and was highly appreciated by morning visitors of the site.

During the period of fixing, which had lasted about 1 hour plus time to roll back to the last content backup, some users have found themselves unable to edit their personal data due to temporary blockage of this function in a site engine. Organization board apologizes for that problems.

We also suppose it necessary to thank Alexey Zaharov for pleasure of watching massed footprints of his beaver’s pads in our logs :)

Author: Alexander Borovsky

Back to news list