Slashdot Mirror


Backdoor Discovered In Atlassian Crowd

An anonymous reader writes "Recently published on the Command Five website is a technically detailed threat advisory (PDF) in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled 'Unpatched Vulnerabilities' is the real security bombshell: Atlassian's turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full control of a Crowd server and, according to Command Five, successful exploitation 'invariably' results in compromise of all application and user credentials as well as accessible data storage, configured directories (for example Active Directory), and dependent systems."

2 of 133 comments (clear)

  1. Re:Huh? by Anonymous Coward · · Score: -1, Redundant

    To put it frankly, Bing is absolutely superior in every way to Google. I prefer using Bing over Google for all the web's top searches, and that is a sentiment you'd share with me if you tried Bing. There is nothing you cannot accomplish with Bing, and nothing you won't be able to find. Use Bing; I highly recommend it.

    Don't believe me? Bing it on, you piece of trash! I'll drag you Luddites into the 21st century!

  2. Re:Huh? by camperdave · · Score: -1, Redundant

    Atlassian is a software vendor of modest relevance, producing Jira issue tracking and Confluence wiki software.

    You're not helping.

    --
    When our name is on the back of your car, we're behind you all the way!