SQL injection issues fixed

The SQL injection issues, at least all that I could find, are fixed. The first alert was on March 18th. That went out via:

See also FreshSource code fixes.

Short version

  • everything we know about is fixed
  • we saw no evidence of data being obtained
  • we have no proof it was not obtained

The safest procedure: change your FreshPorts password. Anything you had set before Friday March 24 2023 09:49:20 UTC should be changed.

If you used the same login credentials somewhere else, you should change that too.

Long version

For you to be at risk, I would expect:

  • the data on FreshPorts to have been accessed (there is no evidence either way)
  • the hashes to have been cracked
  • you used the same FreshPorts login information somewhere else
  • The attacker then knows where that somewhere else is

From FreshPorts, the most valuable thing they might get is the list of packages you are tracking. We don’t have home addresses, phone numbers, or credit card information.

Sorry about this.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive

Leave a Comment

Scroll to Top