PHP Site’s User Database Was Hacked In Recent Source Code Backdoor Attack


The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing passwords and used it to make unauthorized changes to the repository.

“We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user database leaked,” Nikita Popov said in a message posted on the project's mailing list on April 6.


On March 28, unidentified actors used the names of Rasmus Lerdorf and Popov to push malicious commits to the “php-src” repository hosted on the git.php.net server that involved adding a backdoor to the PHP source code in an instance of a software supply chain attack.

While this was initially treated as a compromise of the git.php.net server, further investigation into the incident has revealed that the commits were pushed over HTTPS using password-based authentication, leading the maintainers to suspect a possible leak of the master.php.net user database.

The “git.php.net (intentionally) support[s] pushing changes not only via SSH (using the Gitolite infrastructure and public key cryptography), but also via HTTPS,” Popov said. “The latter did not use Gitolite, and instead used git-http-backend behind Apache 2 Digest authentication against the master.php.net user database.”


Additionally, the master.php.net authentication system is said to run on a very old operating system and a very old version of PHP, raising the possibility that the attackers may have also exploited a vulnerability in the software to stage the attack.

As a consequence, the maintainers have migrated master.php.net to a new main.php.net system with support for TLS 1.2, in addition to resetting all existing passwords and storing passwords using bcrypt instead of a plain MD5 hash.
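To illustrate the remediation described above (bcrypt storage plus a forced reset of every existing password), here is an added example that is not code from the PHP project or from main.php.net. The function names, the cost factor and the sample rows are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not the main.php.net implementation.
const BCRYPT_OPTIONS = ['cost' => 12]; // assumed cost factor

/** Classify a stored credential by its format. */
function hashScheme(string $stored): string
{
    if (password_get_info($stored)['algo'] === PASSWORD_BCRYPT) {
        return 'bcrypt';
    }
    // md5() returns 32 hex characters: unsalted and cheap to brute-force.
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        return 'legacy-md5';
    }
    return 'unknown';
}

/** New and reset passwords are stored with bcrypt only. */
function hashNewPassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

/** Legacy rows are never accepted for login; the account must be reset first. */
function checkLogin(string $password, string $stored): string
{
    if (hashScheme($stored) !== 'bcrypt') {
        return 'reset-required';
    }
    return password_verify($password, $stored) ? 'ok' : 'denied';
}

// Constructed sample rows: two legacy MD5 entries, two bcrypt entries.
$users = [
    'alice' => md5('correct horse'),
    'bob'   => md5('correct horse'),
    'carol' => hashNewPassword('correct horse'),
    'dave'  => hashNewPassword('correct horse'),
];

foreach ($users as $name => $stored) {
    printf("%-6s %-11s %s\n", $name, hashScheme($stored), checkLogin('correct horse', $stored));
}

// Unsalted MD5 maps equal passwords to equal hashes; bcrypt salts each hash separately.
var_dump($users['alice'] === $users['bob'], $users['carol'] === $users['dave']);
```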




