The OpenSSL Foundation has released its final statement regarding the recent hack attack on the OpenSSL website, openssl.org.
In a statement published on January 1, the organization noted that the attack was pulled off via a hypervisor. In an update published on Friday, additional details were provided.
“The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual serve,” OpenSSL representatives noted.
This confirms the fact that the attackers haven’t exploited any vulnerabilities in VMware products.
Besides changing the OpenSSL website’s index page, the attackers haven’t caused any damage. Source repositories have been reviewed and they don’t appear to be impacted.