OpenSSL Website Hacked Through Insecure Password at Hosting Provider


OpenSSL Software Foundation provides additional details on security breach

The OpenSSL Foundation has released its final statement regarding the recent attack on the OpenSSL website, openssl.org.

In a statement published on January 1, the organization noted that the attack was carried out via a hypervisor. An update published on Friday provided additional details.

“The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server,” OpenSSL representatives noted.

This confirms that the attackers did not exploit any vulnerabilities in VMware products.

Besides changing the OpenSSL website’s index page, the attackers did not cause any damage. Source repositories have been reviewed and do not appear to be impacted.
