Apache.org hit by targeted XSS attack, passwords compromised

Posted on Tuesday, April 13, 2010 @ 16:42:01 CEST in Security
by Raven

Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a “direct, targeted attack.”

The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole the passwords of all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said.

The passwords were stored as SHA-512 hashes on the compromised servers, but Apache said the risk to simple passwords based on dictionary words “is quite high” and urged users to immediately rotate their passwords. “In addition, if you logged into the Apache JIRA instance between April 6th and April 9th, you should consider the password as compromised, because the attackers changed the login form to log them,” Apache said.
