Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Submission + - Backdoor Discovered in Atlassian Crowd

An anonymous reader writes: Recently published on the Command Five website is a technically detailed threat advisory in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled 'Unpatched Vulnerabilities' is the real security bombshell:

Atlassian's turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full control of a Crowd server and, according to Command Five, successful exploitation "invariably" results in compromise of all application and user credentials as well as accessible data storage, configured directories (for example Active Directory), and dependent systems.

Despite having over 25,000 customers, including lots of big names and Fortune 500 companies, this isn't the first time Atlassian has been in the news for epic security-fail. In 2010 Atlassian suffered a security breach in which hackers compromised customer credentials that were stored on a server in plain-text. The server then collapsed under load as customers scrambled to change their passwords.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Backdoor Discovered in Atlassian Crowd

Comments Filter:

Research is to see what everybody else has seen, and think what nobody else has thought.

Working...