[technology taskforce] Ars Technica : Hardcoded password in Confluence app has been leaked on Twitter Advisory had already warned hardcoded password was "trivial to obtain."

Dev Anand Teelucksingh devtee at gmail.com
Mon Jul 25 15:03:44 UTC 2022


“Atlassian on Wednesday revealed three critical product vulnerabilities
<https://confluence.atlassian.com/security/july-2022-atlassian-security-advisories-overview-1142446703.html>,
including CVE-2022-26138
<https://www.cve.org/CVERecord?id=CVE-2022-26138> stemming
from a hardcoded password in Questions for Confluence
<https://marketplace.atlassian.com/apps/1211644/questions-for-confluence?hosting=server&tab=overview>,
an app that allows users to quickly receive support for common questions
involving Atlassian products. The company warned the passcode was "trivial
to obtain."

The company said that Questions for Confluence had 8,055 installations at
the time of publication. When installed, the app creates a Confluence user
account named disabledsystemuser, which is intended to help admins move
data between the app and the Confluence Cloud service. The hardcoded
password protecting this account allows for viewing and editing of all
non-restricted pages within Confluence.”

Read the rest of the article:

https://arstechnica.com/information-technology/2022/07/atlassian-warns-hardcoded-password-flaw-is-likely-to-be-exploited-in-the-wild/
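As an added example (not part of the Ars Technica article or of this list post), here is the check a practitioner would want after reading the above: a script that scans a Confluence access log for requests Confluence attributed to the disabledsystemuser account the article names. It assumes the Tomcat AccessLogValve pattern Confluence ships in server.xml, where the X-AUSERNAME response header carries the authenticated username (and "-" marks anonymous or unauthenticated requests); the log lines below are constructed samples, not real traffic. Because the field only reflects successfully authenticated requests, the script finds use of the account, not failed guesses against it.

```python
"""Scan a Confluence access log for activity by the hard-coded app account.

Assumptions (not from the article): the log follows the Tomcat AccessLogValve
pattern Confluence ships with,
    %t %{X-AUSERNAME}o %I %h %r %s %Dms %b %{Referer}i %{User-Agent}i
where X-AUSERNAME is the authenticated user ("-" for anonymous requests).
Adjust LINE_RE if your server.xml uses a different pattern.
"""
import re
from collections import Counter
from datetime import datetime
from typing import Optional

# Account name taken from the article; created by Questions for Confluence.
TARGET_USER = "disabledsystemuser"

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<user>\S+) (?P<thread>\S+) (?P<ip>\S+) "
    r"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+) (?P<status>\d{3}) "
    r"(?P<ms>\d+)ms (?P<bytes>\S+) (?P<referer>\S+) (?P<ua>.*)$"
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_account_activity(lines, username: str = TARGET_USER) -> dict:
    """Summarise every request Confluence attributed to `username`."""
    hits = [rec for rec in map(parse_line, lines) if rec and rec["user"] == username]
    if not hits:
        return {"username": username, "hits": 0}
    return {
        "username": username,
        "hits": len(hits),
        "first_seen": min(h["ts"] for h in hits).isoformat(),
        "last_seen": max(h["ts"] for h in hits).isoformat(),
        "source_ips": sorted({h["ip"] for h in hits}),
        "user_agents": sorted({h["ua"] for h in hits}),
        # Writes matter most: the article says the account can edit pages.
        "writes": sum(1 for h in hits if h["method"] in ("POST", "PUT", "DELETE")),
        "top_paths": Counter(h["path"].split("?")[0] for h in hits).most_common(5),
    }


# Constructed sample lines (not real traffic) in the assumed format.
SAMPLE_LOG = """\
[25/Jul/2022:14:01:10 +0000] jdoe http-nio-8090-exec-3 10.0.0.5 GET /pages/viewpage.action?pageId=1234 HTTP/1.1 200 35ms 18820 - Mozilla/5.0
[25/Jul/2022:14:03:44 +0000] - http-nio-8090-exec-7 203.0.113.10 GET /login.action HTTP/1.1 200 12ms 4410 - python-requests/2.28.1
[25/Jul/2022:14:03:45 +0000] disabledsystemuser http-nio-8090-exec-7 203.0.113.10 GET /rest/api/content?limit=100 HTTP/1.1 200 41ms 8820 - python-requests/2.28.1
[25/Jul/2022:14:03:46 +0000] disabledsystemuser http-nio-8090-exec-2 203.0.113.10 GET /rest/api/content/search?cql=type=page HTTP/1.1 200 52ms 9102 - python-requests/2.28.1
[25/Jul/2022:14:09:02 +0000] disabledsystemuser http-nio-8090-exec-4 198.51.100.23 PUT /rest/api/content/5678 HTTP/1.1 200 88ms 412 - curl/7.81.0
this line is not in the expected format and is skipped
"""

if __name__ == "__main__":
    summary = find_account_activity(SAMPLE_LOG.splitlines())
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it against the real file with `find_account_activity(open("access_log.2022-07-25.log").readlines())`; any hit at all is worth investigating, since the account exists only for the app's own data migration, and a non-zero `writes` count means pages were changed under that identity.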