Backdoor Discovered In Atlassian Crowd

An anonymous reader writes "Recently published on the Command Five website is a technically detailed threat advisory (PDF) in relation to a recurring vulnerability in Atlassian Crowd. Tucked away inconspicuously at the end of this document in a section entitled 'Unpatched Vulnerabilities' is the real security bombshell: Atlassian's turnkey solution for enterprise single sign-on and secure user authentication contains an unpatched backdoor. The backdoor allows anyone to remotely take full control of a Crowd server and, according to Command Five, successful exploitation 'invariably' results in compromise of all application and user credentials as well as accessible data storage, configured directories (for example Active Directory), and dependent systems."

Re:Not surprising

[l0ungeb0y]

Each release of JIRA has functionality and flexibility that people actually want removed in the name of making it easier to use for new users

What are you talking about? I've been using JIRA for years and have worked with many companies who use JIRA and have heard no complaints about their features. They have many features and they work very well for me and others.

Personally, I enjoy the Atlassian stack, find it unrivaled in feature coverage and have migrated many clients to the Atlassian stack.
And I've ever seen any sort of lag when typing in any field in JIRA or Crucible, or Crowd or Greenhopper or Fisheye or Confluence.

But then again, I don't use ghostery, don't know what it is, never heard of it, don't use it and wonder why you expect Atlassian to craft their software stack against third party software.

From the tone of your post, you are just leaping at a chance for a cheap jab at Atlassian with trumped up nonsense.

Re: Huh?

[madprof]

Just because there is more than one lazy person does not make it OK to be lazy.