OpenWrt Homepage (Wiki) offline for unplanned maintenance


After reviewing the situation we found no indication of any unauthorized access to the system.


During maintenance work to implement performance improvements for the table of hardware (ToH) views on the wiki, which are currently the primary reason for severe system load, we encountered a debug log containing username and passwords of login attempts in clear text.

What we initially believed to be a malicious modification of the DokuWiki PHP code turned out to be leftover debug code from an earlier wiki migration. We removed the offending debug functionality and purged the related log file. As a precaution, we're going to force a password reset for all users.

Note that the user database itself contains one-way password hashes and was not compromised, neither did we find an indication of any unauthorized access.