Monday, November 28, 2022

Confluence hardcoded password was leaked, patch now!


Australian software company Atlassian warned customers to immediately patch a critical vulnerability that gives remote attackers hardcoded credentials to log into unpatched Confluence Server and Data Center servers.

As the company revealed this week, the Questions for Confluence app (installed on over 8,000 servers) creates a disabledsystemuser account with a hardcoded password to help admins migrate data from the app to the Confluence Cloud.

One day after releasing security updates to address the vulnerability (tracked as CVE-2022-26138), Atlassian warned admins to patch their servers as soon as possible, given that the hardcoded password had been discovered and shared online.

“An external party has discovered and publicly disclosed the hardcoded password on Twitter. It is important to remediate this vulnerability on affected systems immediately,” the company warned Thursday.

“This issue is likely to be exploited in the wild now that the hardcoded password is publicly known.”

The warning is both timely and critical because threat actors equipped with this information could use it to log into vulnerable Confluence servers and access any page the confluence-users group can access.

This is also no surprise, as Atlassian had already alerted users that the password was “trivial to obtain after downloading and reviewing affected versions of the app.”

Patching and checking for evidence of exploitation

To defend against potential attacks, Atlassian recommends updating to a patched version of Questions for Confluence or disabling/deleting the disabledsystemuser account.

Updating the Questions for Confluence app to a fixed version (versions 2.7.x >= 2.7.38 or versions greater than 3.0.5) will remove the problematic user account if present.

To determine whether a server is affected by this hardcoded-credentials security flaw, check for an active user account with the following details:

  • User: disabledsystemuser
  • Username: disabledsystemuser
  • Email: [email protected] mail.com

To look for evidence of exploitation, you can check the last authentication time for disabledsystemuser using the instructions Atlassian provides. If the result is null, the account exists on the system, but nobody has yet signed in with it.
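The two checks above (is the installed app a fixed version, and does an active disabledsystemuser account exist and has it ever logged in) can be scripted once an admin has pulled the app version and the user lookup results from the server. The following is an added example, not Atlassian's code; it treats 2.7.38 and 3.0.5 as the first fixed releases of their respective lines, as listed in Atlassian's advisory, and the UserRow input shape is an assumption standing in for whatever the admin's user query returns.

```python
"""Triage helper for CVE-2022-26138 (Questions for Confluence hardcoded account).

Added example, not Atlassian's own tooling. It works on data an admin has
already pulled from the server: the installed app version and the rows
returned by a user lookup (username, active flag, last successful login).
"""
from dataclasses import dataclass
from typing import Optional

# First fixed releases per Atlassian's advisory: 2.7.38 (2.7.x line), 3.0.5 (3.x line).
FIXED_27 = (2, 7, 38)
FIXED_30 = (3, 0, 5)
SUSPECT_USER = "disabledsystemuser"


def parse_version(text: str) -> tuple:
    """'2.7.37' -> (2, 7, 37); tolerates a trailing suffix such as '3.0.5-rc1'."""
    core = text.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def app_is_fixed(version: str) -> bool:
    """True when the installed Questions for Confluence version no longer ships the account."""
    v = parse_version(version)
    if v < (3, 0, 0):
        return v >= FIXED_27
    return v >= FIXED_30


@dataclass
class UserRow:
    """Assumed shape of one row from the admin's user lookup (constructed for this example)."""
    username: str
    active: bool
    last_login: Optional[str]  # ISO timestamp, or None when nobody has ever authenticated


def triage_account(rows: list) -> str:
    """Classify the server from the user rows the advisory tells admins to look for."""
    for row in rows:
        if row.username.lower() != SUSPECT_USER:
            continue
        if not row.active:
            return "account present but disabled"
        if row.last_login is None:
            return "active account, never used: remove it and patch"
        return f"active account with a login at {row.last_login}: investigate"
    return "account not present"
```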

It is also important to note that uninstalling the Questions for Confluence app on affected servers will not remove the attack vector (i.e., the hardcoded credentials), and unpatched systems will remain exposed to attacks.

Confluence servers are attractive targets for threat actors, as shown by previous attacks involving Linux botnet malware, AvosLocker and Cerber2021 ransomware, and crypto miners.
