Posts Tagged ‘MoinMoin vulnerability’

HackersAttackers compromised a database with email-addresses and passwords hashes wiki.

Information Security Debian project provided a detailed report on the audit of hacking site wiki.debian.org, after the administration announced the discovery of a resource leak user data. So at the end of last week, a resource guide reported finding traces of unloading a database of email addresses and passwords hashes. It turned out that the intruders in was possible because of failure to eliminate vulnerabilities in wiki-engine MoinMoin, which developers have eliminated in December last year. Underlying vulnerability allows attackers to execute its code on the server that serves Wiki.

The administration site is initiated moving the project to a new server, and began a program of change passwords Wiki.

According to the study of the old server, cybercriminals are not able to get administrative rights to access the resource, resulting in a limited study of the system under the guise of one of the users. However, the researchers recorded the database leak that caused the initiation of the process of change passwords. The experts also found that to hide the traces of malicious attacks using network Tor, and for the study of the system was installed with the support of backdoor web-shell. (more…)