ikiwiki -- empty password security hole

ID 09066828-2EF1-11DD-A0D8-0016D325A0ED
Type freebsd
Reporter FreeBSD
Modified 2010-05-12T00:00:00


The ikiwiki development team reports:

This hole allowed ikiwiki to accept logins using empty passwords to openid accounts that didn't use a password. Upgrading to a non-vulnerable ikiwiki version immediatly is recommended if your wiki allows both password and openid logins.