
How to handle a Wiki Security breach

For Wiki Users

In case the operator of a wiki you use pointed you to this page, saying you are affected (or a wiki you use is affected) by a security breach, you are strongly advised to follow these guidelines:

Note: The wiki administrator might do a global password reset for all users (either to enforce a password change, see above, or to just improve password hash strength, even if there was no security breach). In that case, you should just change your wiki password again.

For Wiki Admins / interested Users

In case your wiki is (potentially) affected by a security breach (e.g. an attacker getting direct filesystem access or being able to execute code as the wiki process uid/gid), you are strongly advised to read and follow the guidelines below.

Impact

If someone can directly access the filesystem, they could potentially read (or modify) any data or code that is readable (modifiable) by that uid/gid on the wiki server.

If the wiki uses the default MoinAuth authentication code, authentication happens using the username and the password (hash) stored in the user profile (which is stored in the data_dir, besides the page/attachment data).

How the password is usually hashed depends on the moin version:

Please note: even salted SHA1 is not secure enough any more nowadays, because such hashes can be cracked by brute force (e.g. with powerful GPU hardware), especially if the users chose relatively short/weak passwords. So even if the users' passwords were stored as salted SHA1, you had better consider them compromised. The stronger algorithms provided by passlib slow down brute-force attacks a lot (like a million times slower).
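The following Python example is added here to illustrate the two points above and the global reset mentioned in the user section; it is not MoinMoin's own code. It implements the classic LDAP-style salted SHA1 layout ("{SSHA}" + base64(sha1(password + salt) + salt), assumed to match what older moin versions stored) beside a slow PBKDF2-HMAC-SHA512 hash in a string format constructed for this example (not passlib's own format), classifies stored hashes by strength, lists which accounts need a forced reset with and without a breach, and transparently re-hashes a weak hash on a successful login. The user profiles are constructed sample data.

```python
# Added example (not MoinMoin's own code): audit the password hashes stored in
# user profiles and decide which accounts need a forced reset / hash upgrade.
import base64
import hashlib
import hmac
import os

# Assumed storage formats for this example:
#   "{SSHA}" + base64(sha1(password + salt) + salt)      salted SHA1 (weak today)
#   "$pbkdf2-sha512$<iterations>$<salt_b64>$<dk_b64>"    slow KDF (strong)
# The first follows the classic LDAP SSHA layout; the second is a string
# format constructed for this example, not passlib's own.

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune it to your hardware


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def ssha_hash(password, salt=None):
    """Salted SHA1: one cheap SHA1 computation per attacker guess."""
    salt = salt if salt is not None else os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + _b64(digest + salt)


def ssha_verify(password, stored):
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA1 digest is 20 bytes, the rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def pbkdf2_hash(password, iterations=PBKDF2_ITERATIONS, salt=None):
    """Slow KDF: every guess costs `iterations` HMAC-SHA512 rounds."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return "$pbkdf2-sha512$%d$%s$%s" % (iterations, _b64(salt), _b64(dk))


def pbkdf2_verify(password, stored):
    parts = stored.split("$")
    if len(parts) != 5 or parts[1] != "pbkdf2-sha512":
        return False
    iterations = int(parts[2])
    salt, expected = base64.b64decode(parts[3]), base64.b64decode(parts[4])
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def hash_strength(stored):
    """'weak' for salted SHA1, 'strong' for the slow KDF, 'unknown' otherwise."""
    if stored.startswith("{SSHA}"):
        return "weak"
    if stored.startswith("$pbkdf2-sha512$"):
        return "strong"
    return "unknown"


def verify_password(password, stored):
    strength = hash_strength(stored)
    if strength == "weak":
        return ssha_verify(password, stored)
    if strength == "strong":
        return pbkdf2_verify(password, stored)
    return False  # unknown scheme: fail closed, the account needs a reset


def accounts_to_reset(profiles, breach_happened):
    """Users who must get a forced password change.

    After a breach every account is reset (even salted SHA1 hashes count as
    compromised).  Without a breach, only accounts whose hash is not a slow
    KDF are reset, so that their hash gets upgraded on the next login."""
    if breach_happened:
        return sorted(profiles)
    return sorted(u for u, h in profiles.items() if hash_strength(h) != "strong")


def login_and_upgrade(user, password, profiles):
    """Verify a login and re-hash a non-strong hash with the slow KDF.
    Returns True on success; updates `profiles` in place."""
    stored = profiles.get(user)
    if stored is None or not verify_password(password, stored):
        return False
    if hash_strength(stored) != "strong":
        profiles[user] = pbkdf2_hash(password)
    return True


# Constructed sample user profiles (name -> stored hash), not real data.
SAMPLE_PROFILES = {
    "alice": ssha_hash("correct horse", salt=b"\x01\x02\x03\x04"),
    "bob": pbkdf2_hash("battery staple", iterations=1000, salt=b"B" * 16),
    "carol": "{UNKNOWN}deadbeef",
}

if __name__ == "__main__":
    print("reset (no breach):", accounts_to_reset(SAMPLE_PROFILES, breach_happened=False))
    print("reset (breach):   ", accounts_to_reset(SAMPLE_PROFILES, breach_happened=True))
```

The re-hash on login only works for users who still log in; an audit with `accounts_to_reset` catches the dormant accounts whose weak hashes stay on disk otherwise.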

Your TODO as wiki admin

Find out whether your wiki is vulnerable

If you run a MoinMoin wiki, find out whether it is still vulnerable.

Check your moin version (SystemInfo page, MoinMoin/version.py file, distribution package version) and your wiki configuration, and follow the hints given on the SecurityFixes page or in other advisories.

If you use original, unmodified moin code downloaded from our web site, these hints usually apply directly.

If you use (patched) moin code as provided e.g. by Linux distributors, you will have to check their changelogs to find out whether specific security fixes have been applied. The moin version number will often stay the same, e.g. 1.9.3, but the code will get patched with security fixes. Be careful: this is usually only done while the distribution release is considered "supported"; if you run an outdated distribution release, you won't get security updates.
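As an added example (not MoinMoin's own code) of the version check described above: the snippet reads the release string from a MoinMoin/version.py file (the `release = '...'` layout is an assumption about that file), compares it numerically against the version an advisory says is fixed (tuple comparison, since plain string comparison puts 1.9.10 before 1.9.4), and, when the release looks too old, searches a distributor's changelog for the advisory identifier to spot a backported fix. The version.py text, the changelog, the "fixed in" version and the advisory identifier are all constructed placeholders.

```python
# Added example (not MoinMoin's own code): compare the installed moin release
# against the version an advisory says is fixed, and check a distributor's
# changelog for a backported fix when the version number did not change.
import re

# Assumption: MoinMoin/version.py holds a line like  release = '1.9.3'
_RELEASE_RE = re.compile(r"""^\s*release\s*=\s*['"]([^'"]+)['"]""", re.M)


def parse_version(text):
    """'1.9.3' -> (1, 9, 3).  Tuples compare numerically, so 1.9.10 > 1.9.4;
    comparing the raw strings would get that wrong ('1.9.10' < '1.9.4')."""
    return tuple(int(x) for x in re.findall(r"\d+", text))


def installed_release(version_py_source):
    m = _RELEASE_RE.search(version_py_source)
    if not m:
        raise ValueError("no release = '...' line found in version.py")
    return m.group(1)


def release_is_fixed(installed, fixed_in):
    return parse_version(installed) >= parse_version(fixed_in)


def changelog_mentions(changelog_text, advisory_ids):
    """Advisory identifiers that appear in a distribution changelog.
    Distributors often backport fixes without bumping the upstream version."""
    lowered = changelog_text.lower()
    return [i for i in advisory_ids if i.lower() in lowered]


def assess(version_py_source, fixed_in, changelog_text="", advisory_ids=()):
    """Summarise the state as 'fixed', 'probably backported' or 'vulnerable'."""
    installed = installed_release(version_py_source)
    if release_is_fixed(installed, fixed_in):
        return "fixed: release %s >= %s" % (installed, fixed_in)
    found = changelog_mentions(changelog_text, advisory_ids)
    if found:
        return "probably backported: changelog mentions %s" % ", ".join(found)
    return "vulnerable: release %s < %s and no backport found" % (installed, fixed_in)


# Constructed inputs for the example; the advisory id and the "fixed in"
# version are placeholders, not real identifiers or real fix versions.
SAMPLE_VERSION_PY = "project = 'MoinMoin'\nrelease = '1.9.3'\nrevision = 'release'\n"
SAMPLE_CHANGELOG = (
    "moin (1.9.3-1+distro1)\n"
    "  * Backport upstream fix for ADVISORY-ID-PLACEHOLDER\n"
)
FIXED_IN_EXAMPLE = "1.9.4"

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_PY, FIXED_IN_EXAMPLE))
    print(assess(SAMPLE_VERSION_PY, FIXED_IN_EXAMPLE, SAMPLE_CHANGELOG,
                 ["ADVISORY-ID-PLACEHOLDER"]))
```

A changelog hit only tells you the distributor claims to have applied the fix; for anything serious, diff the packaged source against the upstream fix as well.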

Apply the workaround to avoid your server getting compromised

On page SecurityFixes, there might be hints about how to immediately work around security issues even if you can't immediately upgrade the code or apply patches.

Here is what you usually need to do:

Did a security breach happen on your wiki?

Find out whether a security breach actually happened on your system:

Review / Evaluate

If a breach happened:

Clean up

If your evaluation indicates so:

Take care

Even if you don't think a breach happened:

MoinMoin: HowToHandleSecurityBreach (last edited 2013-03-11 20:32:17 by ThomasWaldmann)