Welcome to Geeklog, Anonymous Tuesday, November 19 2024 @ 10:48 pm EST

Geeklog 1.6.1sr1 and 1.5.2sr6

  • Sunday, May 09 2010 @ 02:15 pm EDT
  • Contributed by:
  • Views: 6,444
Security

You may remember the flurry of security issues that Bookoo of the Nine Situations Group reported for Geeklog in April last year. Well, it looks like we missed one issue in those reports: Geeklog's auto login feature is vulnerable to brute force / dictionary attacks. To fix this, we are releasing the following security updates:

Other versions: The issue is also fixed in Geeklog 1.7.0 (but present in the 1.7.0 beta and release candidate). The 1.5.2sr6 upgrade can also be used for Geeklog 1.6.0, 1.5.1, and 1.5.0. Earlier versions were not tested - we really recommend to upgrade to a newer version (1.6.1sr1 or 1.7.0) instead.