News

Canonical warns that strangers had access to Ubuntu forum database

By admin
Spread the love

Canonical has issued a warning stating that unknown persons have accessed the Ubuntu forums database. They only read the user table with usernames, email addresses and IP addresses. There was no access to active passwords.

Instead of passwords, the table only contained random strings, because the forums use sso. These strings had a hash and a salt, according to Canonical. There was access to data of approximately 2 million users. The organization was made aware of the incident on Thursday, when someone claimed to have a copy of the forum database. After investigation it turned out that there had indeed been unauthorized access and the forum was taken offline.

The investigation revealed that the attacker entered through a sql injection leak in the Forumrunner add-on, which was not patched. The attacker could not access the Ubuntu repositories and write data to the database, the organization adds. It was also unable to open a shell.

Canonical reports that it has taken action by wiping and rebuilding all servers running the VBulletin forum software. The latest patches have also been implemented and all passwords have been reset. As additional measures, a ModSecurity firewall has been installed and more attention is paid to applying patches for VBulletin.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Logitech acquires stream controller maker Loupedeck

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

Rumor: EU starts investigation into Microsoft for including Teams with Office

Exit mobile version