Hardcoded password in Confluence app has been leaked on Twitter

What’s worse than a widely used Internet-connected enterprise app with a hardcoded password? Try said enterprise app after the hardcoded password has been leaked to the world.

Atlassian on Wednesday revealed three critical product vulnerabilities, including CVE-2022-26138, which stems from a hardcoded password in Questions for Confluence, an app that lets users quickly get support for common questions involving Atlassian products. The company warned the passcode was “trivial to acquire.”

The company said that Questions for Confluence had 8,055 installations at the time of publication. When installed, the app creates a Confluence user account named disabledsystemuser, which is meant to help admins move data between the app and the Confluence Cloud service. The hardcoded password protecting this account allows for viewing and editing of all non-restricted pages within Confluence.
