U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

GitHub urged some users to reset their passwords after accidental recorded them

GitHub, world’s leading software development platform, forced password reset for some users after the discovery of a problem that caused internal logs to record passwords in plain text. GitHub urged some users to reset their passwords after a problem caused internal logs to record passwords in plain text. Some users published on Twitter the communication […]

GitHub bugbounty

GitHub, world’s leading software development platform, forced password reset for some users after the discovery of a problem that caused internal logs to record passwords in plain text.

GitHub urged some users to reset their passwords after a problem caused internal logs to record passwords in plain text.

Some users published on Twitter the communication received via email by the company, the incident was discovered during a regular internal audit.

https://securityaffairs.co/wordpress/wp-content/uploads/2018/05/github-password-reset.jpg

The company immediately clarified that its systems were not hacked and that users’ data are not at risk.

According to GitHub, only a “small number” of users are affected, the company forced them a password reset for their accounts and confirmed to have fixed the problem.

The mail provides details on the problems and explained that user passwords were stored in a secure way.

“GitHub stores user passwords with secure cryptographic hashes (bcrypt). However, this recently introduced bug resulted in our secure internal logs recording plaintext user passwords when users initiated a password reset,” GitHub said.

The company added that the plaintext passwords were only accessible through internal log files accessible to a small portion of its IT staff, they were not publicly available.

github social coding

Back in June 2016, the company adopted a similar measure forcing password reset for its customers after it became aware of unauthorized attempts to access a large number of its accounts.

GitHub accounts could represent a mine of information for attackers, in March 2017 threat actors targeted developers having repositories with a data-stealing malware called Dimnie. The malicious code includes keylogging features and modules that capture screenshots, the attackers were searching something of interest among the huge number of projects hosted on the platform.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – GitHub , password)

[adrotate banner=”5″]

[adrotate banner=”13″]