Logging everyone out


Logging everyone out

Tim Starling-2
Everyone on Wikimedia wikis will shortly be logged out and will have
to log back in again.

We are resetting all sessions because we believe that, due to a
configuration error, session cookies may have been sent in cacheable
responses. Some users reported that they saw the site as if they were
logged in as someone else. We believe that the number of affected
users was very small. However, we believe that resetting all sessions
is a prudent measure to ensure that the impact is limited.

There are several layers of protection against something like this
happening, and we don't yet know how all of them failed, but we have
made a configuration change which should be sufficient to prevent it
from happening again.

-- Tim Starling


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
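The failure mode Tim describes, a response that carries a session cookie yet is still storable by a shared cache, is something a reverse proxy or CDN configuration can be audited for. The following is an added example for this thread, not Wikimedia's code and not a reconstruction of their configuration: it checks one request/response header pair for two symptoms (a Set-Cookie in a shared-cacheable response, and a page rendered for a cookie-bearing request that is shared-cacheable without varying on Cookie) and shows the conservative fix of marking such responses `private, no-store`. All header values and the `example.invalid` host are constructed.

```python
"""Audit HTTP request/response header pairs for the misconfiguration the
thread describes: a response that carries a session cookie (or was rendered
for a cookie-bearing request) while a shared cache such as a CDN or reverse
proxy is still allowed to store it.

Added example for this thread; it is not Wikimedia's code, and the header
samples at the bottom are constructed for illustration.
"""
from typing import Dict, List

Headers = Dict[str, str]


def header(headers: Headers, name: str) -> str:
    """Case-insensitive header lookup (HTTP field names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def directives(cache_control: str) -> Dict[str, str]:
    """Parse 'private, max-age=0, s-maxage=3600' into {'private': '', 'max-age': '0', ...}."""
    out: Dict[str, str] = {}
    for part in cache_control.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        out[name.strip().lower()] = value.strip().strip('"')
    return out


def shared_cache_may_store(response: Headers) -> bool:
    """True when nothing in Cache-Control forbids a shared cache from storing the response.

    'private' restricts storage to the user's own browser cache; 'no-store' forbids
    storage anywhere. Everything else (including no Cache-Control header at all)
    leaves the decision to the cache's defaults, which an audit must treat as unsafe.
    """
    cc = directives(header(response, "Cache-Control"))
    return "private" not in cc and "no-store" not in cc


def audit_exchange(request: Headers, response: Headers) -> List[str]:
    """Return human-readable findings for one request/response pair (empty list = clean)."""
    findings: List[str] = []
    storable = shared_cache_may_store(response)
    vary = {v.strip().lower() for v in header(response, "Vary").split(",") if v.strip()}

    if header(response, "Set-Cookie") and storable:
        findings.append(
            "Set-Cookie in a response a shared cache may store: the cached copy "
            "would hand the same cookie to every later visitor of this URL"
        )
    if header(request, "Cookie") and storable and not vary & {"cookie", "*"}:
        findings.append(
            "response rendered for a cookie-bearing (possibly logged-in) request is "
            "shared-cacheable and does not Vary on Cookie: anonymous visitors could "
            "be served this user's view of the page"
        )
    return findings


def harden(response: Headers) -> Headers:
    """Return a copy of the response headers marked 'private, no-store'.

    Apply it to any response that sets a cookie or was rendered for an
    authenticated user; the conservative choice is to keep such responses out
    of shared caches entirely rather than rely on Vary.
    """
    fixed = dict(response)
    for key in list(fixed):           # drop any existing spelling of the header
        if key.lower() == "cache-control":
            del fixed[key]
    fixed["Cache-Control"] = "private, no-store"
    return fixed


# --- constructed samples (not from the incident) ---------------------------
ANON_REQUEST: Headers = {"Host": "example.invalid"}
LOGGED_IN_REQUEST: Headers = {"Host": "example.invalid", "Cookie": "session=EXAMPLE-SESSION-ID"}

# Correct anonymous page: cacheable, no cookie, no per-user content.
OK_ANON_PAGE: Headers = {"Cache-Control": "public, s-maxage=86400", "Content-Type": "text/html"}

# The misconfiguration: a response that sets the session cookie but was
# never marked uncacheable for shared caches.
LEAKY_LOGIN_PAGE: Headers = {
    "Set-Cookie": "session=EXAMPLE-SESSION-ID; HttpOnly; Secure",
    "Cache-Control": "s-maxage=3600",
    "Content-Type": "text/html",
}


if __name__ == "__main__":
    for name, req, resp in [("anon", ANON_REQUEST, OK_ANON_PAGE),
                            ("leaky", LOGGED_IN_REQUEST, LEAKY_LOGIN_PAGE),
                            ("hardened", LOGGED_IN_REQUEST, harden(LEAKY_LOGIN_PAGE))]:
        print(name, audit_exchange(req, resp) or ["clean"])
```

Running the block prints a clean result for the anonymous page, two findings for the constructed leaky response, and a clean result once `harden` has been applied. In a real deployment the same checks belong at the cache edge (the point where `Cache-Control`, `Set-Cookie` and `Vary` meet), since that is the layer whose defaults decide what gets stored when the application forgets to say.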

Re: Logging everyone out

Steven Walling
Thanks Tim,

1. Does “saw the site” mean users actually had full or partial access to
the accounts of other users, or simply were viewing a cached version of the
site that appeared as if they were logged in as someone else? How many
users were impacted?

2. Does the WMF hold incident review meetings and publish reports about
what steps are taken to prevent repeat incidents with the same root cause?

On Thu, Jun 25, 2020 at 7:44 PM Tim Starling <[hidden email]>
wrote:

> Everyone on Wikimedia wikis will shortly be logged out and will have
> to log back in again.
>
> We are resetting all sessions because we believe that, due to a
> configuration error, session cookies may have been sent in cacheable
> responses. Some users reported that they saw the site as if they were
> logged in as someone else. We believe that the number of affected
> users was very small. However, we believe that resetting all sessions
> is a prudent measure to ensure that the impact is limited.
>
> There are several layers of protection against something like this
> happening, and we don't yet know how all of them failed, but we have
> made a configuration change which should be sufficient to prevent it
> from happening again.
>
> -- Tim Starling

Re: Logging everyone out

Tim Starling-2
On 26/6/20 3:26 pm, Steven Walling wrote:
> Thanks Tim,
>
> 1. Does “saw the site” mean users actually had full or partial access to
> the accounts of other users, or simply were viewing a cached version of the
> site that appeared as if they were logged in as someone else?

Users reportedly had full access to the accounts of other users.

> How many users were impacted?

We had three reports. We've added logging which should help to
determine whether anyone else was affected. So far, the indications
are that it is an extremely rare event.

> 2. Does the WMF hold incident review meetings and publish reports about
> what steps are taken to prevent repeat incidents with the same root cause?

Incidents are documented at
<https://wikitech.wikimedia.org/wiki/Incident_documentation>

Action items are tagged with the Incident Prevention tag in Phabricator:
<https://phabricator.wikimedia.org/project/view/4758/>

Whether there is an incident review meeting depends on the nature of
the incident.

-- Tim Starling



Re: Logging everyone out

Steven Walling
Good to know it was so few people. Thanks for your diligence as always.

On Thu, Jun 25, 2020 at 10:57 PM Tim Starling <[hidden email]>
wrote:

> On 26/6/20 3:26 pm, Steven Walling wrote:
> > Thanks Tim,
> >
> > 1. Does “saw the site” mean users actually had full or partial access to
> > the accounts of other users, or simply were viewing a cached version of
> > the site that appeared as if they were logged in as someone else?
>
> Users reportedly had full access to the accounts of other users.
>
> > How many users were impacted?
>
> We had three reports. We've added logging which should help to
> determine whether anyone else was affected. So far, the indications
> are that it is an extremely rare event.
>
> > 2. Does the WMF hold incident review meetings and publish reports about
> > what steps are taken to prevent repeat incidents with the same root cause?
>
> Incidents are documented at
> <https://wikitech.wikimedia.org/wiki/Incident_documentation>
>
> Action items are tagged with the Incident Prevention tag in Phabricator:
> <https://phabricator.wikimedia.org/project/view/4758/>
>
> Whether there is an incident review meeting depends on the nature of
> the incident.
>
> -- Tim Starling