Slashdot Mirror


Backdoor Discovered In Atlassian Crowd

An anonymous reader writes "Recently published on the Command Five website is a technically detailed threat advisory (PDF) in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled 'Unpatched Vulnerabilities' is the real security bombshell: Atlassian's turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full control of a Crowd server and, according to Command Five, successful exploitation 'invariably' results in compromise of all application and user credentials as well as accessible data storage, configured directories (for example Active Directory), and dependent systems."

2 of 133 comments

  1. Re:Huh? by Scarletdown · Score: 3, Funny

    Must be the heat playing tricks on my brain. I thought the headline said Atlassian Cloud. And that was going to be the excuse to post about a backdoor discovered in a real cloud.

    --
    This space unintentionally left blank.
  2. Re:Huh? by flyingfsck · Score: 4, Funny

    Well, they just made sure that *anyone* can sign on. It is a very convenient feature.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!