User account with default password puts Atlassian Confluence at risk

Atlassian’s Confluence Server and Data Center wiki software are vulnerable. The developers state that Confluence Cloud is not affected by the vulnerability.

However, systems are only vulnerable if the Questions for Confluence app is installed. If it is, the app for Confluence Server and Data Center automatically creates an account with the username ‘disabledsystemuser’. The account is created with a default password, which attackers can obtain with relatively little effort.

Equipped with this, they can access all wiki pages that are not restricted by default. In an advisory, the developers classify the vulnerability (CVE-2022-26138) as “critical”. Atlassian confirmed that they have not detected any attacks yet.

Administrators should check their Confluence installations for an account with the following details:

If so, they should act. Questions for Confluence versions 2.7.34, 2.7.35 and 3.0.2 are affected.

Uninstalling the app does not solve the security issue because the account remains. To secure systems, administrators need to install the fixed versions 2.7.38 or 3.0.5. Alternatively, the account can be deactivated or removed.

By looking at the list of registered users, administrators can check whether attackers have already exploited the vulnerability. The developers describe how this works in an article.
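The checks described above, written out as an added example script (not Atlassian's own code or the article's): it looks the default account up through the Confluence Server REST API and combines that with the installed app version into a verdict. It assumes that `/rest/api/user?username=...` answers 200 when the account exists and 404 when it does not, and that an admin username and password are available for basic authentication.

```python
"""Defender-side triage for CVE-2022-26138 (example code, not Atlassian's)."""
import base64
import urllib.error
import urllib.request
from typing import Optional

DEFAULT_ACCOUNT = "disabledsystemuser"            # created by affected app builds
AFFECTED_APP_VERSIONS = {"2.7.34", "2.7.35", "3.0.2"}
FIXED_APP_VERSIONS = {"2.7.38", "3.0.5"}


def assess(account_present: bool, account_active: Optional[bool],
           app_version: Optional[str]) -> dict:
    """Turn the facts an admin can gather into a verdict and next steps.

    account_active=None means "unknown", which is treated as active, because
    an account that merely exists is the thing that grants wiki access.
    """
    findings = []
    active = account_present and account_active is not False
    if active:
        findings.append("default account present and active: deactivate or remove it")
    elif account_present:
        findings.append("default account present but deactivated: keep it that way")
    if app_version in AFFECTED_APP_VERSIONS:
        findings.append(f"app {app_version} is affected: upgrade to 2.7.38 or 3.0.5")
    elif app_version is None and account_present:
        # Uninstalling the app does not remove the account, so this is expected.
        findings.append("app not installed but account still exists")
    return {"vulnerable": active, "findings": findings}


def account_exists(base_url: str, admin_user: str, admin_password: str,
                   account: str = DEFAULT_ACCOUNT) -> bool:
    """Query the REST user lookup (assumed endpoint) with basic authentication."""
    url = f"{base_url.rstrip('/')}/rest/api/user?username={account}"
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise


if __name__ == "__main__":  # usage: fill in a real instance and admin credentials
    present = account_exists("https://confluence.example.invalid", "admin", "secret")
    print(assess(present, None, "2.7.34"))
```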
