Confluence, the enterprise wiki software developed by the Australian company Atlassian, was found to contain a hardcoded password, and to make matters worse, the password has been leaked. The app with the hardcoded password is Questions for Confluence, which, when installed, creates an account called disabledsystemuser, designed to help administrators transfer data between the application and the Confluence cloud service. Atlassian admits that an unauthorized remote attacker who knows the hardcoded password can log in to Confluence and access any page the user group has access to. The affected versions are Questions for Confluence 2.7.x and 3.0.x. Users can search for the existence of an account with User: disabledsystemuser, Username: disabledsystemuser and Email: [email protected].
This article is reprinted from: https://www.solidot.org/story?sid=72231