Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Critical vulnerabilities found in single sign-on enterprise tool Atlassian Crowd

Lucian Constantin | July 2, 2013
One critical vulnerability was fixed, but a second one remains unpatched, security researchers from Command Five said.

Aside from this patched vulnerability, Command Five is also aware of at least another critical vulnerability in Atlassian Crowd that hasn't been fixed yet. That vulnerability could be classified as a backdoor and allows unauthenticated attackers to take full control of any Crowd server they can access over the network, the researchers said.

Successful exploitation of the yet-to-be-patched vulnerability "invariably results" in the compromise of all active Crowd application credentials, user credentials, accessible data storage, configured directories and dependent secure systems, they said.

Atlassian didn't immediately respond to a request for comment.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.