MyAAC v0.8.6

OP
slaw

slaw

Developer
Joined
Aug 27, 2007
Messages
3,257
Solutions
96
Reaction score
746
Location
Germany
GitHub
slawkens
Hello everybody!

There has been an issue discovered recently, that can lead to completely takeover of your server.

If you are using any version of MyAAC starting from 0.8.0 up to 0.8.5 (this issue has been fixed in 0.8.6) read below!!!

If you see in Plugins page in your Admin Panel that the plugin "Security Patch #2020-06-21-01" has been installed, that means you are safe.
1625950168368.png

The Fix is available on GitHub, apply as needed: This is the actual security fix · slawkens/[email protected] (https://github.com/slawkens/myaac/commit/a2a773d714509654d95f6b559c186db29ce1eafb)

I patched automatically over 80 websites using MyAAC. But there still may be some websites under development that doesn't know about this.
So I write this post, to make you safe against this vulnerability.
 

Shadow_

Veteran OT User
Joined
Jun 2, 2018
Messages
906
Solutions
29
Reaction score
334
Hello everybody!

There has been an issue discovered recently, that can lead to completely takeover of your server.

If you are using any version of MyAAC starting from 0.8.0 up to 0.8.5 (this issue has been fixed in 0.8.6) read below!!!

If you see in Plugins page in your Admin Panel that the plugin "Security Patch #2020-06-21-01" has been installed, that means you are safe.
View attachment 60189

The Fix is available on GitHub, apply as needed: This is the actual security fix · slawkens/[email protected] (https://github.com/slawkens/myaac/commit/a2a773d714509654d95f6b559c186db29ce1eafb)

I patched automatically over 80 websites using MyAAC. But there still may be some websites under development that doesn't know about this.
So I write this post, to make you safe against this vulnerability.
Lmao, so it was you. This guy is dangerous xD from no where i found security log and updated on my site, cool break through if you didn't add like a patching system or something in myaac, btw thanks for the fix!
 

Chriistian.L.B

Active Member
Joined
Apr 17, 2008
Messages
142
Solutions
1
Reaction score
37
Hello everybody!

There has been an issue discovered recently, that can lead to completely takeover of your server.

If you are using any version of MyAAC starting from 0.8.0 up to 0.8.5 (this issue has been fixed in 0.8.6) read below!!!

If you see in Plugins page in your Admin Panel that the plugin "Security Patch #2020-06-21-01" has been installed, that means you are safe.
View attachment 60189

The Fix is available on GitHub, apply as needed: This is the actual security fix · slawkens/[email protected] (https://github.com/slawkens/myaac/commit/a2a773d714509654d95f6b559c186db29ce1eafb)

I patched automatically over 80 websites using MyAAC. But there still may be some websites under development that doesn't know about this.
So I write this post, to make you safe against this vulnerability.


Some of my pages stopped work after this commit, report is page is not found, but just my shop page you know how i can fix it ?
 

GOD Coke

Mapper
Joined
Nov 25, 2015
Messages
56
Reaction score
12
Location
Dominican Republic
I just started using myaac and installed everything fine but when i create an account the passwords are encrypted in another way than sha1, and in the config.lua i have sha1, i use tfs 0.4 what should i do?
 

Elgenady

Veteran OT User
Joined
Aug 5, 2011
Messages
1,600
Solutions
33
Reaction score
294
I just started using myaac and installed everything fine but when i create an account the passwords are encrypted in another way than sha1, and in the config.lua i have sha1, i use tfs 0.4 what should i do?
go to ur database and remove salt from accounts table and then in config.local.php set env to "dev" and then you will need to create account again and then try to login

edit
don't remove the account have char druid and knight sample
 

Itutorial

Premium User
Premium User
Joined
Dec 23, 2014
Messages
1,909
Solutions
52
Reaction score
616
The future is here! Let people completely take over your server!
 
Top