{"id":3736,"date":"2018-02-20T19:02:37","date_gmt":"2018-02-20T19:02:37","guid":{"rendered":"https:\/\/blog.mageia.org\/en\/?p=3736"},"modified":"2018-02-21T11:07:10","modified_gmt":"2018-02-21T11:07:10","slug":"mageia-identity-security-breach","status":"publish","type":"post","link":"https:\/\/blog.mageia.org\/en\/2018\/02\/20\/mageia-identity-security-breach\/","title":{"rendered":"Mageia Identity Security Breach"},"content":{"rendered":"<p>A user was able to gain access to our LDAP\u00a0database\u00a0and has published the email\u00a0addresses\u00a0and names, as well as apparent password hashes,\u00a0of anyone who has signed up to identity.mageia.org.\u00a0However, the published hashes do not match those on record, and all capitalisation has been removed, so it is not clear that the actual passwords have been compromised.\u00a0All of the passwords have since been reset as a security\u00a0precaution.\u00a0New rules\u00a0have been\u00a0added to prevent access to the LDAP server. The sysadmins are investigating how the fields were read,\u00a0as the configuration\u00a0should have\u00a0specifically prevented this.<\/p>\n<p>The passwords\u00a0stored by the Mageia LDAP server are\u00a0hashed and salted, meaning that, if the hashes have actually been leaked, recovering the passwords in a human-usable format would require significant computing power for safe and complex passwords.\u00a0Despite the leaked data only appearing to be names and email\u00a0addresses\u00a0of identity.mageia.org users, we strongly urge users to be cautious if the password used for\u00a0their Mageia account is used elsewhere,\u00a0and\u00a0we recommend changing the password wherever else it is used.<\/p>\n<p>To regain access to your Mageia account, the reset password link should be sufficient for all users without git access. The reset password link can be obtained\u00a0by asking for a password reset on\u00a0<a 
href=\"https:\/\/identity.mageia.org\/forgot_password\">https:\/\/identity.mageia.org\/forgot_password<\/a>\u00a0after which you&#8217;ll receive a mail with the link.<\/p>\n<p>For privileged users, a sysadmin should be contacted\u00a0to regain access.<\/p>\n<p>We sincerely apologise for any problems and inconvenience that this might cause.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A user was able to gain access to our LDAP\u00a0database\u00a0and has published the email\u00a0addresses\u00a0and names, as well as apparent password hashes,\u00a0of anyone who has signed up to identity.mageia.org.\u00a0However, the published hashes do not match those on record, and all capitalisation &hellip; <a href=\"https:\/\/blog.mageia.org\/en\/2018\/02\/20\/mageia-identity-security-breach\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":26,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-3736","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p159kA-Yg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/posts\/3736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/posts"}],"
about":[{"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/comments?post=3736"}],"version-history":[{"count":3,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/posts\/3736\/revisions"}],"predecessor-version":[{"id":3739,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/posts\/3736\/revisions\/3739"}],"wp:attachment":[{"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/media?parent=3736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/categories?post=3736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mageia.org\/en\/wp-json\/wp\/v2\/tags?post=3736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}