https://bugzilla.wikimedia.org/show_bug.cgi?id=54847

       Web browser: ---
            Bug ID: 54847
           Summary: Data leakage user table "new" databases like
                    wikidatawiki_p and the wikivoyage databases
           Product: Wikimedia Labs
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: tools
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected], [email protected]
    Classification: Unclassified
   Mobile Platform: ---

The user table in the wikidatawiki_p database leaks private information.
Everything is visible! Most important:
* user_password - Do I need to say more?
* user_email - email should be restricted, not public info.
* user_touched - last time user visited the site
* user_token - cookie token, can be used to take over a session

Checked some other random DBs and these seem ok.

I asked Coren to take down the database server.

https://www.mediawiki.org/wiki/Manual:User_table

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
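
An audit for the exposure reported above, added here as an example (it is not from the bug report or from Wikimedia's own tooling). It assumes a MySQL/MariaDB replica server, that public replica schemas follow the "<wiki>_p" naming seen in wikidatawiki_p, and that it is run as an ordinary unprivileged tool account, so information_schema only lists what such an account can actually read.

```sql
-- Step 1: for every *_p schema, list which of the four sensitive columns
-- named in the report are visible on the `user` object, and whether that
-- object is a sanitising VIEW or the raw BASE TABLE.
SELECT c.TABLE_SCHEMA                       AS replica_db,
       t.TABLE_TYPE                         AS user_object_type,
       GROUP_CONCAT(c.COLUMN_NAME
                    ORDER BY c.COLUMN_NAME
                    SEPARATOR ', ')         AS visible_sensitive_columns
FROM   information_schema.COLUMNS AS c
JOIN   information_schema.TABLES  AS t
       ON  t.TABLE_SCHEMA = c.TABLE_SCHEMA
       AND t.TABLE_NAME   = c.TABLE_NAME
WHERE  c.TABLE_SCHEMA LIKE '%|_p' ESCAPE '|'   -- literal "_p" suffix
  AND  c.TABLE_NAME   = 'user'
  AND  c.COLUMN_NAME IN ('user_password', 'user_email',
                         'user_touched',  'user_token')
GROUP  BY c.TABLE_SCHEMA, t.TABLE_TYPE
ORDER  BY c.TABLE_SCHEMA;

-- Step 2: a column being visible is not yet a leak, because a sanitising
-- view may expose the column but return NULL or an empty value. For each
-- schema flagged in step 1, count rows that carry real data without
-- selecting the values themselves. Any non-zero count confirms the leak.
SELECT SUM(user_password IS NOT NULL AND user_password <> '') AS rows_with_password,
       SUM(user_email    IS NOT NULL AND user_email    <> '') AS rows_with_email,
       SUM(user_touched  IS NOT NULL AND user_touched  <> '') AS rows_with_touched,
       SUM(user_token    IS NOT NULL AND user_token    <> '') AS rows_with_token
FROM   wikidatawiki_p.`user`;
```

Running step 1 after every new wiki database is added to the replicas catches the case described in the report, where only the recently created schemas were affected.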