This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[ncc-announce] [Service] Resolved Security Issue in LIR Portal

Previous message (by thread): [ncc-announce] [news] RIPE NCC website becoming HTTPS-only
Next message (by thread): [ncc-announce] [training] RIPE NCC Webinars

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ivo Dijkhuis ivo.dijkhuis at ripe.net
Fri Jan 23 16:56:34 CET 2015

Dear colleagues,

A security issue in the RIPE NCC LIR Portal was reported to us on
Monday, 19 January 2015.

This issue allowed authenticated LIR Portal users to potentially access
the invoices of other RIPE NCC members.

Our investigation has shown that the issue was introduced on Monday
morning, the same day it was discovered. A fix for this issue was
deployed on Wednesday, 21 January 2015.

We found no evidence that the issue was abused. No action is required
from LIR Portal users.

Measures have been taken to improve our internal software development
processes with regard to security.

We would like to thank Marco Näf, the RIPE NCC member who reported this
issue, allowing us to resolve this issue quickly.

Kind regards,

Ivo Dijkhuis
Information Security Officer
RIPE NCC

Previous message (by thread): [ncc-announce] [news] RIPE NCC website becoming HTTPS-only
Next message (by thread): [ncc-announce] [training] RIPE NCC Webinars

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ncc-announce Archives ]