Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
icon4.gif   Important security update of ELOG, posted by Stefan Ritt on Mon Aug 2 13:40:02 2010 
    icon2.gif   Re: Important security update of ELOG, posted by Stefan Ritt on Thu Aug 5 12:26:12 2010 
Message ID: 66875     Entry time: Thu Aug 5 12:26:12 2010     In reply to: 66872
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Info  OS: All  ELOG Version: 2.8.0 
Subject: Re: Important security update of ELOG 

Stefan Ritt wrote:

Dear ELOG users,

this is to announce an important security update. As proposed by Lukasz Olejnik (CERN/PSNC), ELOG has now switched to strong encryption of password. So everybody concerned in security is advised to update to the new version 2.8.0. Existing password files for Windows users and Linux users not using HAVE_CRYPT are automatically converted. Those installations which used HAVE_CRYPT in the past under Linux have to ask their users to re-enter their password (via the link "Forgot password") after the upgrade to version 2.8.0.

Best regards,

  Stefan Ritt

I just realized that the command line elog utility did not yet use the new encryption. So automatic elog submissions using passwords are broken in version 2.8.0. I made an intermediate version 2.8.0-2 which fixes that. However you only need to update it if you use the elog utility and have problems with the 2.8.0 version.

ELOG V3.1.5-3fb85fa6