Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Data Breaches

ColdFusion Zero-Day allows hackers to steal Customer Data

Paul Anderson by Paul Anderson
April 17, 2013
in Data Breaches, Security
2
cf marquee family
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

A vulnerability in the ColdFusion Web server platform, reported by Adobe less than a week ago, has apparently been in the wild for almost a month and has allowed the hacking of at least one company website, exposing customer data. Yesterday, it was revealed that the virtual server hosting company Linode had been the victim of a multi-day breach that allowed hackers to gain access to customer records.

You might also like

BreachForums Owner Arrested and Charged

US politicians personal details compromised in hack

Acer corporate confirms breach – data being sold for Monero

The breach was made possible by a vulnerability in Adobe’s ColdFusion server platform that could, according to Adobe, “be exploited to impersonate an authenticated user.” A patch had been issued for the vulnerability on April 9 and was rated as priority “2” and “important.” Those ratings placed it at a step down from the most critical, indicating that there were no known exploits at the time the patch was issued but that data was at risk. Adobe credited “an anonymous security researcher,” with discovering the vulnerability.

But according to IRC conversation including one of the alleged hackers of the site, Linode’s site had been compromised for weeks before its discovery. That revelation leaves open the possibility that other ColdFusion sites have been compromised as hackers sought out targets to use the exploit on.

ColdFusion is a Java-based Web server platform that interprets its own proprietary markup language in page code to access server-side application components and data. It has had a large installed base in the government sector and other markets, but its market share has been in decline for some time, and the technology has seen little change since 2009. In 2011, Adobe announced it was moving the whole of ColdFusion development to India.

The element attacked is its user authentication component, cflogin. In March, a ColdFusion user reported encountering errors in cflogin he believed were because of attempted hack attacks. “I’ve now seen cflogin throw an error twice now with bad input at—I believe—the cookie level,” he reported to Adobe’s bug tracker.

By exploiting the login vulnerability, the hackers were able to gain access to the Linode server itself and to the site’s code. Through the code, they were able to obtain the login credentials to Linode’s database and stole customer data that included hashed passwords, encrypted credit card data, and the unencrypted last four digits of credit cards used for verification purposes. Customer keys for Linode’s deployment and management APIs were also exposed.

Linode has expired those keys and is re-issuing them. Linode representatives said in a blog post that it has “no evidence decrypted credit card numbers were obtained” and added that the encryption key for credit card data was not stored on the server and was “not guessable, sufficiently long and complex, not based on dictionary words, and not stored anywhere but in our heads.”

Article originally appeared on Arstechnica.com

Tags: 0dayColdfusionhackwebsite
Share30Tweet19
Paul Anderson

Paul Anderson

Editor and chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.

Recommended For You

BreachForums Owner Arrested and Charged

by Paul Anderson
March 17, 2023
0
BreachForums Owner Arrested and Charged

On Wednesday afternoon, federal agents arrested a man in Peekskill, New York, for allegedly running a dark web data breach site known as "BreachForums." The suspect, Conor Brian...

Read more

US politicians personal details compromised in hack

by Kyle
March 9, 2023
0
US politicians personal details compromised in hack

A hacker has claimed that personally identifiable information (PII) belonging to several members of the US Congress may have been compromised in a cyberattack on DC Health Link,...

Read more

Acer corporate confirms breach – data being sold for Monero

by Kyle
March 8, 2023
0
Acer corporate confirms breach – data being sold for Monero

Acer, the sixth-largest PC maker in the world, has confirmed that it suffered a data breach in mid-February 2023 that compromised its intellectual property and other sensitive data....

Read more

Stolen credit card market BidenCash leaks over 2 million credit cards

by Paul Anderson
March 3, 2023
0
Stolen credit card market BidenCash leaks over 2 million credit cards

BidenCash, a marketplace that focuses on carding, has leaked a database of 2,165,700 credit and debit cards to celebrate its first anniversary. Instead of keeping the leak a...

Read more

Blackmailing data thieves who targeted thousands of businesses apprehended

by Paul Anderson
February 26, 2023
0
Blackmailing data thieves arrested by Dutch police

The Dutch police recently apprehended three additional suspects in what is considered one of the most significant data extortion cases to date. These suspects, aged between 18 and...

Read more
Next Post
47 Fixes in Java’s Latest Patch

47 Fixes in Java's Latest Patch

Related News

NSA intercepting U.S. Routers

NSA intercepting U.S. Routers

June 6, 2014 - Updated on March 17, 2023
Netwire RAT seized by FBI and other worldwide police agencies

Netwire RAT seized by FBI and other worldwide police agencies

March 16, 2023
The Emotet botnet returns and is sending a slew of malicious emails

The Emotet botnet returns and is sending a slew of malicious emails

March 14, 2023
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.