Page MenuHomePhabricator
Create Task
Maniphest T87100

T87062 contains a centralauth token and other interesting cookie information allowing to steal session
Closed, ResolvedPublic
Actions

Description

Please redact the post containing cookies relevant to account security and set it to public when ready.

Event Timeline

Rillke created this task.Jan 17 2015, 1:16 PM
Rillke assigned this task to Aklapper.
Rillke raised the priority of this task from to Needs Triage.
Rillke updated the task description. (Show Details)
Rillke added a project: Phabricator.
Rillke subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 17 2015, 1:16 PM
Rillke added a comment.Jan 17 2015, 1:17 PM

Reference T87062.

Liuxinyu970226 subscribed.Jan 17 2015, 2:39 PM
Rillke updated the task description. (Show Details)Jan 17 2015, 6:02 PM
Rillke set Security to None.
Rillke added subscribers: Qgil, Dzahn, demon and 3 others.
hoo closed this task as Resolved.Jan 17 2015, 6:12 PM
hoo subscribed.

I've logged out the user so that their account can no longer be taken over with the given cookie data. Sadly I'm no longer able to hide individual posts (but that also never worked for me in Bugzilla...), so I couldn't hide the comment.
Closing as the biggest risk has been mitigated and the ticket is private now.

Rillke added a comment.Jan 17 2015, 6:35 PM

Thanks, Hoo :) Will @Aklapper do the remaining clean-up? Some users appear to have breaking news about the matter.

Liuxinyu970226 unsubscribed.Jan 18 2015, 3:36 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL