OpenSUSE forum hacked and defaced, Users email id compromised.

The Official forum of ‘OpenSUSE’ based on Linux distro developed. was hacked and defaced yesterday by Hacker going with the handle “HAXOR HUSSY” Member of Team Madleets.
The Forum (https://forums.opensuse.org/vbseo_sitemap/) was defaced using the vulnerability in the forums software vBulletin’s, zero day exploit. which allowed him to upload a php shell, and granted secured access to site’s database.
Though the website is currently unreachable, you can still see the Mirror of the defacement on Zone H from here https://zone-h.org/mirror/id/21473823

Screenshot of deface website, source THN
Despite the claims of Hacker that he have Compromised user data including, emails, username and passwords. OpenSUSE insisted that no passwords were compromised in the hack.
 
A blogpost from OpenSUSE reads. “Credentials for your openSUSE login are not saved in our application databases as we use a single-sign-on system (Access Manager from NetIQ) for all our services. This is a completely separate system and it has not been compromised by this crack. 
 
What the cracker reported as compromised passwords where indeed random, automatically set strings that are in no way connected to your real password.” 
 
Since the Exploit present in the forum software have no fixes at present, OpenSUSE have decided to take the forum down until they found a solution. with which the forum is still down after 1 day of the attack.
Abhishek Kumar Jha
Abhishek Kumar Jha
Knowledge is Power

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Read More

Suggested Post