Subsonic Forum

[Gamlielr]

Hello everyone,

While trying subsonic on Ubuntu, between installation and setting https parameters, one of my non-admin account got hacked. Its password was changed in "Anton is great ".
I was quite horrified when I found it out and I wonder what else could have been changed in the system. Do I have to reinstall everything from scratch?

Certainly, I would have not expected this event to occur with such a prestigious software.

Thank you to those who would help me.

Gamlielr

[GJ51]

This is the first report of this kind that I have seen. Although we are aware of some areas of vulnerability that are being addressed, this is the first report I've seen claiming that a password was actually changed. Hard to imagine how that could happen by someone not authorized to log onto your site. I did some pretty serious "White hat" hacking with another user and we found one thing that we reported for correction, but the limit of what we were able to do was to spoof the browser into thinking that someone who was connected was a different user. My recollection doesn't include actually changing or reading passwords.

Can you provide more details as to how you think this may have been accomplished? Are you sure that the account user just didn't get the password wrong?

[Gamlielr]

Hello GJ51,

Thank you indeed for your quick reply. The account hacked was also mine (I usually create non-admin accounts in order to make account handling safer), and I am pretty sure I didn't choose that password. I installed Ubuntu 11.10 on a Acer 1930g machine today, on an external usb hard disk. The system was just installed and not updated, yet.
I did not access the account outside my local network, however I cannot tell whether the router allows port 4040 visibility outside.
Please note that I do not have a broadband connection, but a 3g wifi router.

I have no idea how this was accomplished but I suspect I will spend the entire day tomorrow changing passwords and painstakingly looking for system changes.

Unfortunately I fear I would not be able to provide logs as I have restarted the system several times since.

Best regards,
Galielr

[GJ51]

I'm still not clear on how you are sure the account was hacked. We do know that sometimes the user displayed in the roght colum where "Now Playing" shows is NOT always correct due to improper handling of cookies. How do you know that the password has been compromised?

[Gamlielr]

Ok,

I've followed this (viewtopic.php?t=3770) procedure to reset the password, given that I could not access the system any more.
But I see the string I posted is the default message on the site performing hex to ascii conversion.

I might have made some copy and paste mistake.

My apologies for making such a fuss.

Best regards,
Gamlielr

[GJ51]

Not a problem. It's what the forum is for. By clarifying what is happening it helps others understand an issue when they encounter the same problem. We do know that there is room for improvement that the developer is working on, but anytime there is a suggestion of a major security flaw, it is in everyones interest to be sure what is happening.

Thank you for responding.