Opened 2 years ago

Closed 2 years ago

#23405 closed defect (worksforme)

My trac password was reset: is this a trac bug?

Reported by: teor Owned by: qbi
Priority: Medium Milestone:
Component: Internal Services/Service - trac Version:
Severity: Major Keywords:
Cc: hiro Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Hi,

This morning (Tue 5 Sep 2017 01:00 UTC), I wasn't able to log in with my trac password. It appears that it was changed (or corrupted) without my knowledge.

The cypherpunks password worked for me, as did my password when I reset it via email to a different password.

Is this a trac bug, file corruption, or a data breach of some kind?

Child Tickets

Change History (7)

comment:1 Changed 2 years ago by teor

(There don't appear to be any extra posts from my user, nor have I received any password reset emails or similar. So I'm wondering if this is some kind of corruption bug.)

comment:2 Changed 2 years ago by qbi

Cc: hiro added

As far as I remember hiro had a similar issue in the last days.

comment:3 Changed 2 years ago by Dbryrtfbcbhgf

I also had the same issue, After I used a email password reset I have not had any more problems.

comment:4 Changed 2 years ago by hiro

Yes in my case the user had been scrambled too. Also trac is unstable these days. Maybe we have a general trac issue. Or one of our plugins is misbehaving.

I have our logs to DEBUG for the time being. Trying to see if I can spot something.

comment:5 Changed 2 years ago by cypherpunks

Severity: NormalMajor

You've switched from the most stable LTS version to stable 1.2, but doesn't do maintenance updates. Current is 1.2.2 - isn't it a way to go?

comment:6 Changed 2 years ago by teor

The same issue is happening again now: I can use browsers where I am already logged-in, but I can't log in to a new browser. It tells me my username or password does not exist.

comment:7 Changed 2 years ago by qbi

Resolution: worksforme
Status: newclosed

We had a very high number of people who tried to create spammer accounts. This seemed to cause problem with the accountmanager plugin. Since I implemented some anti-spam measures the number of successful logins decreased and the trac.users file was not mangled. So i assume this behaviour is gone and thus close the bug.

Note: See TracTickets for help on using tickets.