Passwords

Community news and information about new or upcoming versions of AutoHotkey
tank
Posts: 2756
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Irving TX

Passwords

05 Oct 2014, 16:26

Recently due to an innocent code error the DB credentials were exposed. The DB password was changed as a result and is no longer vulnerable. But in adoption with a "better safe than sorry" I have set all passwords for all users to expire and require change. I am sorry for any inconvenience. The reality is it is unlikely that even if the user table was compromised that your actual password would get cracked. Passwords are stored hashed and salted. It would take a highly skilled cracker to derive real passwords.
We are troubled on every side, yet not distressed; we are perplexed,
but not in despair; Persecuted, but not forsaken; cast down, but not destroyed;
https://www.facebook.com/ahkscript.org
If you have forum suggestions please submit a pull request
Check Out WebWriter
Thanks Tank :thumbup:
jballi
Posts: 576
Joined: 29 Sep 2013, 17:34

Re: Passwords

05 Oct 2014, 16:42

I came here to bitch and moan but you took all the air out of my moan tires. Thanks for the update. :)
fincs
Posts: 504
Joined: 30 Sep 2013, 14:17
GitHub: fincs
Location: Seville, Spain

Re: Passwords

05 Oct 2014, 16:54

You can blame PHP/PDO and its incredibly stupid DB-credential-leaking error messages for this :facepalm:
fincs
Windows 10 x64 Build 18362 | AMD Ryzen 7 3700X with 32 GB of RAM | AutoHotkey v1.1.31.01
Get SciTE4AutoHotkey v3.0.06.01 - [My project list]
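
The leak fincs describes, with its usual mitigation, as an added example that is not part of the original thread or the forum's code: when `new PDO(...)` fails and the resulting `PDOException` is rendered to the page, its stack trace includes the constructor's arguments, which are the DSN, user name and password. The thread does not show the forum's code; `connect_db()` and the `FORUM_DB_*` environment variables are hypothetical.

```php
<?php
// Added example, not the forum's code. FORUM_DB_* and connect_db() are
// hypothetical names.

// Production: errors go to the server log, never into the HTTP response.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
// PHP 7.4+ also offers zend.exception_ignore_args=On in php.ini, which
// drops call arguments from exception traces.

function connect_db(): PDO
{
    // Read credentials here instead of taking them as parameters, so no
    // frame of connect_db() in a later trace carries them.
    $dsn  = getenv('FORUM_DB_DSN');
    $user = getenv('FORUM_DB_USER');
    $pass = getenv('FORUM_DB_PASS');
    if ($dsn === false || $user === false || $pass === false) {
        throw new RuntimeException('Database not configured');
    }
    try {
        return new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    } catch (PDOException $e) {
        // The trace of $e lists the arguments of PDO::__construct(): DSN,
        // user name and password. Log only the error code and throw a fresh
        // exception that is not chained to $e.
        error_log('DB connection failed, code ' . $e->getCode());
        throw new RuntimeException('Database unavailable');
    }
}

try {
    $db = connect_db();
} catch (RuntimeException $e) {
    // The visitor sees a generic message; the detail stays in the log.
    http_response_code(503);
    echo 'Service temporarily unavailable.';
}
```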
amnesiac
Posts: 186
Joined: 22 Nov 2013, 03:08
Location: Egret Island, China

Re: Passwords

05 Oct 2014, 20:30

Thanks for your work. Yes, it's a "better safe than sorry".
joedf
Posts: 7284
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada

Re: Passwords

05 Oct 2014, 22:28

fincs wrote: You can blame PHP/PDO and its incredibly stupid DB-credential-leaking error messages for this :facepalm:
+1 :facepalm:
Windows 10 x64 Professional, Intel i5-8500 @ 4.00 GHz, 2x8GB G.Skill RipJaws V - DDR4 3280 MHz, NVIDIA GTX 1060 6GB | [About Me] | [ASPDM - StdLib Distribution]
[Populate the AHK MiniCity!] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library] | [About the AHK Foundation]
Bruttosozialprodukt
Posts: 457
Joined: 24 Jan 2014, 22:28

Re: Passwords

06 Oct 2014, 02:39

It should also be mentioned that it was only revealed for like 5 minutes and I think it didn't even have the correct database name in it.

I also don't even think that you could connect to it without access to the server's PHP side.
6Zptf
Posts: 7
Joined: 18 Sep 2014, 08:03

Re: Passwords

06 Oct 2014, 12:51

in adoption with a "better safe than sorry" I have set all passwords for all users to expire and require change.
I appreciate your caution.
dmg
Posts: 254
Joined: 02 Oct 2013, 01:43
Location: "Twelve days north of Hopeless and a few degrees south of Freezing to Death"

Re: Passwords

06 Oct 2014, 16:00

OK. Thanks for letting us know. What does setting the passwords to expire mean for us users? What do we need to do, and when?
"My dear Mr Gyrth, I am never more serious than when I am joking."
~Albert Campion
------------------------------------------------------------------------
Website | Demo scripts | Blog | External contact
codybear
Posts: 42
Joined: 25 Feb 2014, 04:28

Re: Passwords

06 Oct 2014, 18:25

Thanks for the heads up. I just changed mine to be safe.
tank
Posts: 2756
Joined: 28 Sep 2013, 22:15
Facebook: charlie.simmons.7334
Google: ttnnkkrr
GitHub: ttnnkkrr
Location: Irving TX

Re: Passwords

06 Oct 2014, 18:30

Change your password in case someone managed to access the user table and found a way to guess your password
kidbit
Posts: 168
Joined: 02 Oct 2013, 16:05

Re: Passwords

09 Oct 2014, 12:55

oh god, this is so lame
question := (2b) || !(2b) © Shakespeare.
Chunjee
Posts: 182
Joined: 18 Apr 2014, 19:05
GitHub: Chunjee

Re: Passwords

28 Oct 2014, 09:18

tank wrote: I have set all passwords for all users to expire and require change.
Don't have a PM or any notification at all that my password needs changing. Are you sure you did this?
guest3456
Posts: 2655
Joined: 09 Oct 2013, 10:31

Re: Passwords

28 Oct 2014, 10:26

Chunjee wrote: Don't have a PM or any notification at all that my password needs changing. Are you sure you did this?
you are the 11th poster in this thread.

what's more likely:

1. the 10 previous posters are all talking nonsense, and the site admin didn't really do what he said he did
2. you are the anomaly

Chunjee
Posts: 182
Joined: 18 Apr 2014, 19:05
GitHub: Chunjee

Re: Passwords

28 Oct 2014, 11:24

3. They are set to expire tomorrow
4. Someone erased my memory
5. I am better than all users and my password is just super salty
6. The forced password change expired or isn't working for everyone

Going with 5.
joedf
Posts: 7284
Joined: 29 Sep 2013, 17:08
Facebook: J0EDF
Google: +joedf
GitHub: joedf
Location: Canada

Re: Passwords

28 Oct 2014, 12:50

Blackholyman
Posts: 1281
Joined: 29 Sep 2013, 22:57
Facebook: socialjsz
Google: +Jszapp
Location: Denmark

Re: Passwords

04 Nov 2014, 10:25

Same! no reset for me yet
Sidola
Posts: 14
Joined: 10 Oct 2013, 14:14
GitHub: Sidola

Re: Passwords

09 Nov 2014, 12:12

Me neither.
Bruttosozialprodukt
Posts: 457
Joined: 24 Jan 2014, 22:28

Re: Passwords

09 Nov 2014, 13:07

I definitely had to reset my password the day all this happened.
