PHP Site’s User Database Was Hacked In Recent Source Code Backdoor Attack

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the attackers may have obtained a user database containing passwords and used it to make unauthorized changes to the repository.

“We no longer believe the server has been compromised. However, it is possible that the user database leaked,” Nikita Popov said in a message posted on its mailing list on April 6.

On March 28, unidentified actors pushed malicious commits under the names of Rasmus Lerdorf and Popov to the “php-src” repository hosted on the server. The commits added a backdoor to the PHP source code, an instance of a software supply chain attack.

While this was initially treated as a compromise of the server, further investigation has revealed that the commits were pushed using HTTPS and password-based authentication, leading the maintainers to suspect a possible leak of the user database.

The “ (intentionally) support[s] pushing changes not only via SSH (using the Gitolite infrastructure and public key cryptography), but also via HTTPS,” Popov said. “The latter did not use Gitolite, and instead used git-http-backend behind Apache 2 Digest authentication against the user database.”

“It is notable that the attacker only makes a few guesses at usernames, and successfully authenticates once the correct username has been found. While we don’t have any specific evidence for this, a possible explanation is that the user database of has been leaked, although it is unclear why the attacker would need to guess usernames in that case.”
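
The pattern Popov describes (a few rejected usernames, then a successful push under a different one) can be searched for in web server logs. The following is an added example, not code from the article or the PHP project; it assumes an Apache common/combined access log in which the supplied username is recorded on 401 responses, and the repository path, usernames and addresses are constructed.

```python
import re
from collections import defaultdict

# Apache common/combined log prefix: host ident user [time] "METHOD path ..." status
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_username_guessing(lines, min_failed_users=2):
    """Return (ip, rejected_usernames, accepted_username) for every client that
    was rejected under at least min_failed_users distinct usernames and then
    accepted under a different one on a push (git-receive-pack) request."""
    rejected = defaultdict(list)  # ip -> distinct usernames rejected so far
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, user, _method, path, status = m.groups()
        # Skip non-push traffic and the credential-less request a client
        # sends first to obtain the Digest challenge (logged with user "-").
        if "git-receive-pack" not in path or user == "-":
            continue
        if status == "401":
            if user not in rejected[ip]:
                rejected[ip].append(user)
        elif status.startswith("2"):
            if len(rejected[ip]) >= min_failed_users and user not in rejected[ip]:
                findings.append((ip, tuple(rejected[ip]), user))
            rejected[ip] = []  # a success ends the current guessing run
    return findings

# Constructed sample log: documentation IP ranges, made-up users and repository.
REFS = '"GET /example.git/info/refs?service=git-receive-pack HTTP/1.1"'
PUSH = '"POST /example.git/git-receive-pack HTTP/1.1"'
TS = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE_LOG = [
    f"203.0.113.7 - - {TS} {REFS} 401 381",
    f"203.0.113.7 - alice {TS} {REFS} 401 381",
    f"203.0.113.7 - alyce {TS} {REFS} 401 381",
    f"203.0.113.7 - al {TS} {REFS} 200 412",
    f"203.0.113.7 - al {TS} {PUSH} 200 98",
    f"198.51.100.20 - bob {TS} {REFS} 401 381",  # mistyped password
    f"198.51.100.20 - bob {TS} {REFS} 200 412",
]

if __name__ == "__main__":
    for ip, tried, accepted in find_username_guessing(SAMPLE_LOG):
        print(f"{ip}: rejected as {', '.join(tried)}; accepted as {accepted}")
```

A user who mistypes a password and then succeeds under the same username is not flagged; only a success under a username that differs from the rejected ones is reported.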

Additionally, the authentication system is said to be running on a very old operating system and version of PHP, raising the possibility that the attackers may have also exploited a vulnerability in the software to stage the attack.

As a consequence, the maintainers have migrated to a new system with support for TLS 1.2, in addition to resetting all existing passwords and storing passwords using bcrypt instead of a plain MD5 hash.
