Page MenuHomePhabricator

Update password used for dumping databases
Closed, ResolvedPublicSecurity

Description

I pasted it by mistake on a phabricator task, changing it fleet-wide.

Event Timeline

jcrespo triaged this task as Unbreak Now! priority.

We are currently working on this

backup sources + test hosts:

changing db1116:3320...[done]
changing db1102:3320...[done]
changing db1140:3311...[done]
changing db1139:3311...[done]
changing db1139:3312...[done]
changing db1102:3312...[done]
changing db1145:3313...[done]
changing db1102:3313...[done]
changing db1150:3314...[done]
changing db1145:3314...[done]
changing db1150:3315...[done]
changing db1140:3316...[done]
changing db1171:3317...[done]
changing db1171:3318...[done]
changing db1116:3318...[done]
changing db1124...[done]
changing db1125...[done]
changing db1133...[done]

changing db2097:3311...[done]
changing db2097:3312...[done]
changing db2098:3317...ERROR 1133 (28000) at line 1: Can't find any matching row in the user table
changing db2098:3318...[done]
changing db2099:3314...[done]
changing db2100:3317...[done]
changing db2100:3318...[done]
changing db2101:3315...[done]
changing db2101:3320...[done]
changing db2139:3313...[done]
changing db2139:3314...[done]
changing db2141:3311...[done]
changing db2141:3316...[done]
changing db2102...ERROR 1133 (28000) at line 1: Can't find any matching row in the user table

This is now done:

# zarcillo -BN -e "SELECT name from instances" | while read name; do mysql.py -h $name -e "SELECT user, host from mysql.user WHERE password like '*<leaked hash>%'"; done ~> empty results

writing an email before closing.

Can someone from security edit this task to make it open? I don't think I can myself.

Clement_Goubert closed this task as Resolved.
Ladsgroup changed the visibility from "Custom Policy" to "Public (No Login Required)".Dec 7 2022, 4:10 PM
Ladsgroup changed the edit policy from "Custom Policy" to "All Users".
Ladsgroup added a subscriber: Ladsgroup.

After approval from secteam.