Open source WineHQ database breached – Emails, passwords of AppDB, Bugzilla users stolen

Computerworld, By Jaikumar Vijayan, October 13, 2011

For the second time in two months, a major open-source project has been breached. This time, the victim is the WineHQ project, which manages Wine, an open-source technology that lets users install and run Windows applications on Linux, Mac, Solaris and other operating systems. WineHQ earlier this week disclosed that someone had managed to break into one of its database systems and gain access to an open-source PHP tool that allows remote management of databases. In a note announcing the flaw, Wine developer Jeremy White said it’s unclear how the intruder was able to gain unauthorized access to the PHP utility. “It was either by compromising an admin’s credentials, or by exploiting an unpatched vulnerability in phpmyadmin,” White wrote. White is also the founder and CEO of Codeweavers, a company that sponsors the Wine project. WineHQ had “reluctantly” decided to allow application developers to remotely access the PHP utility because it is “a very handy tool, and something they very much wanted,” White said. “But it is a prime target for hackers, and apparently our best efforts at obscuring it and patching it were not sufficient.”

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: