Atlassian: Patch Confluence Immediately After Hardcoded Password Breach

Customers of the Australian software company Atlassian have been advised to fix a serious flaw that allows remote attackers to log into unpatched Confluence Server and Data Center systems using hardcoded credentials.
The Questions for Confluence app (found on over 8,000 servers) creates a disabledsystemuser account with a hardcoded password to help administrators migrate data from the app to Confluence Cloud, the company said this week.
Because the hardcoded password had been discovered and disseminated publicly, Atlassian warned admins to patch their servers as quickly as possible, one day after releasing security updates for the vulnerability (tracked as CVE-2022-26138).

The hardcoded password was found by an outsider and made public on Twitter. The company said on Thursday that it is crucial to promptly fix this vulnerability on affected systems: given that the hardcoded password is now widely known, the issue is likely to be exploited in the wild. The warning is both timely and essential, because threat actors with this information could log into vulnerable Confluence servers and access any pages the confluence-users group can view.

Atlassian advises either upgrading to a patched version of Questions for Confluence or deactivating/deleting the disabledsystemuser account to protect against possible attacks.

If the problematic user account is present, updating the Questions for Confluence app to a fixed version (2.7.x >= 2.7.38, or any version above 3.0.5) removes it.
To see whether a server is vulnerable to this hardcoded-credentials flaw, look for an active user account with the following details:
Identifier: disabledsystemuser
Email: [email protected]
Username: disabledsystemuser

To look for signs of exploitation, check the most recent authentication time of the disabledsystemuser account using the steps below. If the result is null, the account is still active but has not been used to log in.
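As an added example (not code from the article or from Atlassian), the following Python script applies the checks described above to data already exported from a Confluence instance: the installed Questions for Confluence version, and the user records from user management (username, enabled flag, last authentication time). The version rule is taken from the article as written, so 3.0.5 itself is conservatively reported as not confirmed fixed; the UserRecord shape and the sample values are constructed for illustration and match only on the username, since that is the indicator the article gives unambiguously.

```python
# Added example, not Atlassian's tooling or code from the article. It evaluates an
# exported snapshot of a Confluence Server/Data Center instance against the
# CVE-2022-26138 checks: fixed app version, presence/state of the hardcoded
# account, and whether that account has ever authenticated. Input shapes and
# sample values are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HARDCODED_ACCOUNT = "disabledsystemuser"  # username named in the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.7.38' into (2, 7, 38) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.strip().split("."))


def questions_app_is_patched(version: str) -> bool:
    """Fixed versions as the article states them: 2.7.x with x >= 38, or above 3.0.5.
    Anything else (for example an unlisted 2.8 line) is treated as not confirmed fixed."""
    ver = parse_version(version)
    if ver[:2] == (2, 7):
        return ver >= (2, 7, 38)
    return ver > (3, 0, 5)


@dataclass
class UserRecord:
    username: str
    active: bool                # account enabled in user management
    last_login: Optional[str]   # ISO-8601 timestamp, or None if it never authenticated


def find_hardcoded_account(users: List[UserRecord]) -> Optional[UserRecord]:
    """Return the disabledsystemuser record if present (case-insensitive match)."""
    for user in users:
        if user.username.lower() == HARDCODED_ACCOUNT:
            return user
    return None


def assess(app_version: str, users: List[UserRecord]) -> Dict[str, object]:
    """Combine the checks into one verdict.

    'investigate': the account has a recorded login, so it may already have been used
    'vulnerable':  the account exists and is active (the known password works)
    'mitigated':   the account exists but is deactivated
    'clean':       the account is absent
    'update_app' is set whenever the installed version is not one the article lists
    as fixed, because only a fixed app version removes the account; uninstalling does not.
    """
    account = find_hardcoded_account(users)
    patched = questions_app_is_patched(app_version)
    result: Dict[str, object] = {
        "app_version": app_version,
        "app_patched": patched,
        "update_app": not patched,
        "account_present": account is not None,
        "account_active": bool(account and account.active),
        "last_login": account.last_login if account else None,
    }
    if account is None:
        verdict = "clean"
    elif account.last_login is not None:
        verdict = "investigate"  # a login happened: review it before anything else
    elif account.active:
        verdict = "vulnerable"
    else:
        verdict = "mitigated"
    result["verdict"] = verdict
    return result


# Constructed sample: unpatched app, account present and active, never logged in.
SAMPLE_UNPATCHED = ("2.7.37", [
    UserRecord("admin", True, "2022-07-20T09:12:00Z"),
    UserRecord("disabledsystemuser", True, None),
])
# Constructed sample: fixed app, account deactivated by the admin, but a login was recorded.
SAMPLE_USED = ("3.0.6", [
    UserRecord("admin", True, "2022-07-20T09:12:00Z"),
    UserRecord("disabledsystemuser", False, "2022-07-21T03:41:17Z"),
])

if __name__ == "__main__":
    for version, users in (SAMPLE_UNPATCHED, SAMPLE_USED):
        report = assess(version, users)
        print(f"Questions for Confluence {version}: verdict={report['verdict']}, "
              f"update_app={report['update_app']}")
```

Any recorded login takes precedence over the other states, because a deactivated account that once authenticated still warrants an incident review, while an active account that never authenticated is a patching problem rather than a forensic one.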

Furthermore, it is critical to note that uninstalling the Questions for Confluence app from affected servers does not remove the attack vector, namely the hardcoded credentials, so unpatched systems remain vulnerable to attack.

Confluence servers have been the subject of prior assaults by threat actors, including crypto miners, the AvosLocker and Cerber2021 ransomware, and Linux botnet malware.
