Apache.org JIRA compromise
gerv at mozilla.org
Wed Apr 14 10:18:35 UTC 2010
"JIRA and Confluence both use a SHA-512 hash, but without a random salt.
We believe the risk to simple passwords based on dictionary words is
quite high, and most users should rotate their passwords.
Bugzilla uses a SHA-256, including a random salt. The risk for most
users is low to moderate, since pre-built password dictionaries are not
effective, but we recommend users should still remove these passwords
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
More information about the developers