Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Backdoor Discovered in Atlassian Crowd

Anonymous Coward writes | about a year ago


An anonymous reader writes "Recently published on the Command Five website is a technically detailed threat advisory in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled 'Unpatched Vulnerabilities' is the real security bombshell:

Atlassian's turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full control of a Crowd server and, according to Command Five, successful exploitation "invariably" results in compromise of all application and user credentials as well as accessible data storage, configured directories (for example Active Directory), and dependent systems.

Despite having over 25,000 customers, including lots of big names and Fortune 500 companies, this isn't the first time Atlassian has been in the news for epic security-fail. In 2010 Atlassian suffered a security breach in which hackers compromised customer credentials that were stored on a server in plain-text. The server then collapsed under load as customers scrambled to change their passwords."

cancel ×


Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>