Unidata Security Breach

Unidata community members:

The Unidata apache web server account was exploited through a vulnerability in a cgi-bin script on February 20, 2014. A fair bit of community user information was accessed, including website account email addresses and their associated passwords in encrypted hash form. We need to assume the hacker(s) are in the process of combing through this information and will be attempting to crack and use passwords found.

If you use a common password for multiple accounts including Unidata's web site, we STRONGLY recommend that you change your password for those other accounts immediately.

Please note: we will be enforcing a reset of Unidata website account passwords and password reminders. Our web site's login page will walk you through the procedure to reset these values.

In addition, we recommend disabling/removing the 'datasets.cgi' script should you be running it on your server.

We profusely apologize for this security breach and stand ready to help you in any way that we can.

Please send any questions/comments to Unidata User Support <support@unidata.ucar.edu>

This is a serious situation; please take appropriate action immediately.

Comments:

Post a Comment:
Comments are closed for this entry.
News@Unidata
News and information from the Unidata Program Center
News@Unidata
News and information from the Unidata Program Center

Welcome

FAQs

Developers’ blog

Take a poll!

What if we had an ongoing user poll in here?

Browse By Topic
Browse by Topic
« November 2024
SunMonTueWedThuFriSat
     
2
3
4
5
6
7
8
9
10
11
14
15
16
17
18
19
20
21
22
23
24
27
28
29
30
       
Today