this post was submitted on 10 Jul 2023
287 points (97.7% liked)
Fediverse
17788 readers
5 users here now
A community dedicated to fediverse news and discussion.
Fediverse is a portmanteau of "federation" and "universe".
Getting started on Fediverse;
- What is the fediverse?
- Fediverse Platforms
- How to run your own community
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
@liaizon @fediverse I only joined a few days ago. I suppose this means I have to alter my password?
The attack shouldn't have exposed passwords or hashes, only the JWT cookie. The secret on the server has been changed so all old cookies should no longer work.
There is a very small possibility that email address may have been able to be seen if they logged is as you, but they were looking for admin accounts
Anyone knows what maintainers should do to patch the vulnerability?
Been patched already in release 0.18.2-rc's
Hi there! Looks like you linked to a Lemmy community using an URL instead of its name, which doesn't work well for people on different instances. Try fixing it like this: [email protected]