Attackers compromised a database with email-addresses and passwords hashes wiki.
Information Security Debian project provided a detailed report on the audit of hacking site wiki.debian.org, after the administration announced the discovery of a resource leak user data. So at the end of last week, a resource guide reported finding traces of unloading a database of email addresses and passwords hashes. It turned out that the intruders in was possible because of failure to eliminate vulnerabilities in wiki-engine MoinMoin, which developers have eliminated in December last year. Underlying vulnerability allows attackers to execute its code on the server that serves Wiki.
The administration site is initiated moving the project to a new server, and began a program of change passwords Wiki.
According to the study of the old server, cybercriminals are not able to get administrative rights to access the resource, resulting in a limited study of the system under the guise of one of the users. However, the researchers recorded the database leak that caused the initiation of the process of change passwords. The experts also found that to hide the traces of malicious attacks using network Tor, and for the study of the system was installed with the support of backdoor web-shell.
Note that almost immediately after the publication of research results server, the administration of the project Python, using the same engine, reported the detection of penetration resource wiki.python.org, which was broken the day before the update release MoinMoin 1.9.6 with security fixes.
During the attack on wiki.python.org attacker also could not get root access, and trying to remove the traces of their presence in the system, was discovered.
However, an attacker could still compromise the database password hashes resource users Python and Jython. Administration immediately initiated the process of changing passwords, and also warned about what happened all users whose credentials can be compromised.
