Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - Backdoor Discovered in Atlassian Crowd

Submitted by Anonymous Coward
An anonymous reader writes "Recently published on the Command Five website is a technically detailed threat advisory in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled 'Unpatched Vulnerabilities' is the real security bombshell:

Atlassian's turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full control of a Crowd server and, according to Command Five, successful exploitation "invariably" results in compromise of all application and user credentials as well as accessible data storage, configured directories (for example Active Directory), and dependent systems.

Despite having over 25,000 customers, including lots of big names and Fortune 500 companies, this isn't the first time Atlassian has been in the news for epic security-fail. In 2010 Atlassian suffered a security breach in which hackers compromised customer credentials that were stored on a server in plain-text. The server then collapsed under load as customers scrambled to change their passwords."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Backdoor Discovered in Atlassian Crowd

Comments Filter:

If you can't understand it, it is intuitively obvious.

Working...