Mageia Identity Security Breach

A user was able to gain access to our LDAP database and has published the email addresses and names, as well as apparent password hashes, of anyone who has signed up to However, the published hashes do not match those on record, and all capitalisation has been removed, so it is not clear that the actual passwords have been compromised. All of the passwords have since been reset as a security precaution. New rules have been added to prevent access to the LDAP server. The sysadmins are investigating how the fields were read, as the configuration should have specifically prevented this.

The passwords stored by the Mageia LDAP server are hashed and salted, meaning that the full decryption of the password, if they have actually been leaked, into a human-usable format would require significant computing power for safe and complex passwords. Despite the leaked data only appearing to be names and email addresses of users, we strongly urge users to be cautious if the password used for their Mageia account is used elsewhere, and we recommend changing passwords wherever else it is used.

To regain access to your Mageia account, the reset password link should be sufficient for all users without git access.The reset password link can be obtained by asking for a password reset on after which you’ll receive a mail with the link.

For privileged users, a sysadmin should be contacted to regain access.

We sincerely apologise for any problems and inconvenience that this might cause.

This entry was posted in Uncategorized. Bookmark the permalink.

Curious about Mageia? Download it, give it a try and tell us how you feel about it.

Want to bring something to it? Learn how you can contribute and donate.

11 Responses to Mageia Identity Security Breach

  1. Pingback: Problema Seguridad en Mageia Identity | Mageia Blog (Español)

  2. Pingback: Вада захисту у системі профілів Mageia | Mageia Blog (Україна)

  3. Pingback: Problema de Seguridad en Mageia Identity | Mageia Blog (Español)

  4. Pingback: Einbruch in Mageia Identity | Mageia Blog (Deutsch)

  5. Pingback: Violação da segurança da identidade Mageia | Mageia Blog (Português)

  6. Pingback: Скомпроментирована база пользователей Mageia |

  7. Pingback: Hackers comprometeram servidor do projeto Mageia | Hacking Brasil

  8. Brian says:

    Does this impact ID’s in Bugzilla?

  9. Starynov Gabonov says:

    Mageia is poor security.

Leave a Reply