CCCWikiExploit

November 26, 2004 (webmaster) Durch einen bislang unbekannten TWiki-Exploit wurde unauthorisierter Zugriff für einige spanische Hackerkollegen auf CCC Server möglich. Dabei sind in Vergessenheit geratene Registrierungsdaten des Chaos Communication Camp 2003 veröffentlicht worden.

http://www.ccc.de/updates/2004/camp-server-hack?language=en

http://www.digitalsec.net/stuff/fun/CCC/ccc_and_cccs.txt

http://www.digitalsec.net/stuff/fun/CCC/

...The server has been used for hosting another TWiki installation after the camp, but the organization crew left planet earth due to extraterrestrial commitments and more or less forgot about its existence.

Our spanish colleagues succesfully broke into this machine, exploiting a newly found bug in the TWiki software, and published part of the stuff. This includes personal registration data as well as crypt passwords for Wiki users. While the passwords are not available in clear text, they are susceptible to a dictionary attack. Therefore, these passwords must be considered compromised, so we urge anybody who used the same password for camp registration or TWiki and any other system to take appropriate measures.