Mozilla accidentally posts usernames and password hashes
2010-12-29 09:52 by Daniela
Tags: Mozilla, security
Mozilla has confirmed that a partial database containing usernames and password hashes belonging to users of addons.mozilla.org was mistakenly left on a public server. As Sophos security expert Chester Wisniewski notes, Mozilla stored the compromised passwords set before April 9th, 2009 as MD5 hashes, rather than plain text. "But MD5 has cryptographic weaknesses that permit creation of the same hash from multiple strings," he explained. "This permits security experts to compute all the possible hashes and determine either your password or another string that will work even if it is not your password." Fortunately, only a single individual - who was participating in Mozilla's web bounty program - managed to access the sensitive content.