OpenSuse, the popular Linux distro, has recently posted a news bulletin to its blog confirming that a hacker was able to exploit a vulnerability in its forum software and upload files to the site. This allowed the hacker to circumvent security and gave him access to the forum's database.
OpenSuse has said that passwords are still safe because it uses a single sign-on system called Access Manager from NetIQ, so the passwords were not actually stored in the database itself. The hacker will, however, have had access to all the email addresses stored in the database. The hacker had confirmed he had managed to access passwords, but they were just random, automatically set strings that are in no way connected to the users' real passwords.
The organization has confirmed that, due to the nature of the attack, there are no known fixes or workarounds for the exploit. To keep all users safe, it has decided to take the site offline.
A notice on the OpenSuse forum confirms that there was a security hole in one of the plugins in use and that the plugin has now been disabled. The message boards will remain offline until the team is able to clean up the fallout from the hack. The site also confirmed that changes have been made to its files to enhance security, but this may have unwanted side effects on existing links in search engines and on bookmarks that users have saved.
Even though no passwords have been leaked, users who have used the same email and password combo on any other sites should change their log-in info just to be on the safe side.
Source: OpenSuse