Discussion:
----------
The ISPConfig source code has undergone an initial code review by security company RACK911 LABS. During this check several problems were found which were fixed in this patch version.
This release improves the protection against CSRF attacks. While additions and edits were already protected, deletions were not. This has now been fixed.
The hashed (CRYPT_SHA512 with salt) password was visible in the ps command output, while a shell user was added with the adduser command. This has now been changed to hide the password hash.
Reference(s):
------------
https://www.ispconfig.org/blog/ispconfig-3-1-15p1-released-security-and-bugfix-release/
About Us:
--------
https://www.RACK911Labs.com
RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119
1-855-RACK911
============================================================
UNSUBSCRIBE:
https://hostingseclist.us3.list-manage.com/unsubscribe?u=722bc323a024d15a407baae81&id=f512fc2224&t=b&e=[UNIQID]&c=a70b3d9ac0
FORWARD EMAIL:
https://us3.forward-to-friend.com/forward?u=722bc323a024d15a407baae81&id=a70b3d9ac0&e=[UNIQID]
UPDATE PROFILE:
https://hostingseclist.us3.list-manage.com/profile?u=722bc323a024d15a407baae81&id=f512fc2224&e=[UNIQID]&c=a70b3d9ac0