Backdoor Discovered In Atlassian Crowd 133
An anonymous reader writes "Recently published on the Command Five website is a technically detailed threat advisory (PDF) in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled 'Unpatched Vulnerabilities' is the real security bombshell: Atlassian's turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full control of a Crowd server and, according to Command Five, successful exploitation 'invariably' results in compromise of all application and user credentials as well as accessible data storage, configured directories (for example Active Directory), and dependent systems."
Re:Huh? (Score:4, Funny)
Must be the heat playing tricks on my brain. I thought the headline said Atlassian Cloud. And that was going to be the excuse to post about a backdoor discovered in a real cloud. [photobucket.com]
Re:Huh? (Score:5, Funny)