Hardcoded password in Confluence app has been leaked on Twitter

Getty Images

What’s worse than a broadly used Internet-connected enterprise app with a hardcoded password? Try mentioned enterprise app after the hardcoded password has been leaked to the world.

Atlassian on Wednesday revealed three essential product vulnerabilities, together with CVE-2022-26138 stemming from a hardcoded password in Questions for Confluence, an app that permits customers to rapidly obtain assist for widespread questions involving Atlassian merchandise. The firm warned the passcode was “trivial to obtain.”

The firm mentioned that Questions for Confluence had 8,055 installations on the time of publication. When put in, the app creates a Confluence person account named disabledsystemuser, which is meant to assist admins transfer information between the app and the Confluence Cloud service. The hardcoded password defending this account permits for viewing and modifying of all non-restricted pages inside Confluence.

“A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to,” the corporate mentioned. “It is important to remediate this vulnerability on affected systems immediately.”

A day later, Atlassian was again to report that “an external party has discovered and publicly disclosed the hardcoded password on Twitter,” main the corporate to ratchet up its warnings.

“This issue is likely to be exploited in the wild now that the hardcoded password is publicly known,” the up to date advisory learn. “This vulnerability should be remediated on affected systems immediately.”

The firm warned that even when Confluence installations do not actively have the app put in, they might nonetheless be susceptible. Uninstalling the app would not routinely remediate the vulnerability as a result of the disabledsystemuser account can nonetheless reside on the system.

Advertisement

To work out if a system is susceptible, Atlassian suggested Confluence customers to seek for accounts with the next data:

Atlassian supplied extra directions for finding such accounts right here. The vulnerability impacts Questions for Confluence variations 2.7.x and three.0.x. Atlassian supplied two methods for purchasers to repair the difficulty: disable or take away the “disabledsystemuser” account. The firm has additionally revealed this record of solutions to continuously requested questions.

Confluence customers searching for exploitation proof can examine the final authentication time for disabledsystemuser utilizing the directions right here. If the result’s null, the account exists on the system, however nobody has but signed in utilizing it. The instructions additionally present any current login makes an attempt that had been profitable or unsuccessful.

“Now that the patches are out, one can expect patch diff and reversing engineering efforts to produce a public POC in a fairly short time,” Casey Ellis, founding father of vulnerability reporting service Bugcrowd, wrote in a direct message. “Atlassian retailers ought to get on to patching public-facing merchandise instantly, and people behind the firewall as rapidly as potential. The feedback in the advisory recommending towards proxy filtering as mitigation recommend that there are a number of set off pathways.

The different two vulnerabilities Atlassian disclosed on Wednesday are additionally critical, affecting the next merchandise:

  • Bamboo Server and Data Center
  • Bitbucket Server and Data Center
  • Confluence Server and Data Center
  • Crowd Server and Data Center
  • Crucible
  • Fisheye
  • Jira Server and Data Center
  • Jira Service Management Server and Data Center

Tracked as CVE-2022-26136 and CVE-2022-26137, these vulnerabilities make it potential for distant, unauthenticated hackers to bypass Servlet Filters utilized by first- and third-party apps.

“The impact depends on which filters are used by each app, and how the filters are used,” the corporate mentioned. “Atlassian has released updates that fix the root cause of this vulnerability but has not exhaustively enumerated all potential consequences of this vulnerability.”

Vulnerable Confluence servers have lengthy been a favourite opening for hackers trying to set up ransomware, cryptominers, and different types of malware. The vulnerabilities Atlassian disclosed this week are critical sufficient that admins ought to prioritize a radical evaluate of their programs, ideally earlier than the weekend begins.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Popular Posts

Together At Last: Titans Promises a Tighter Team and Darker Foes

The Titans have confronted interdimensional demons, assassins and a famously fearsome psychiatrist, however are they ready for what’s coming subsequent? HBO Max’s Titans returns...

Tweet Saying Nets ‘Formally Released Kyrie Irving’ Is Satire

Claim: The Brooklyn Nets launched Kyrie Irving from the NBA crew on Nov. 3, 2022. Rating: On Nov. 3,...

Data intelligence platform Alation bucks economic tendencies, raises $123M

Join us on November 9 to learn to efficiently innovate and obtain effectivity by upskilling and scaling citizen builders on the Low-Code/No-Code Summit. Register...

Medieval II Kingdoms expansion release date revealed

If you’ve been itching for extra Total War gameplay, we’ve received one thing for you. Feral Interactive has lastly revealed the Total War:...