I administer a system running a private installation of Trac 1.0.1. Last night I opened firewalls to allow a company Nessus scan. Nessus was able to create a new Trac user.
2014-11-01 02:40:43,407 Trac[main] DEBUG: Dispatching <RequestWithSession "POST '/register'"> 2014-11-01 02:40:43,408 Trac[session] DEBUG: Retrieving session for ID 'd1e15c57faf4f33fabad61c9' 2014-11-01 02:40:43,409 Trac[main] DEBUG: Negotiated locale: None -> None 2014-11-01 02:40:43,410 Trac[api] WARNING: Unable to find repository '(default)' for synchronization 2014-11-01 02:40:43,439 Trac[perm] DEBUG: *No policy allowed anonymous performing ACCTMGR_USER_ADMIN on None* 2014-11-01 02:40:43,441 Trac[api] INFO: *Created new user: 12345* Is this a configuration issue, or native vulnerability? -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
