Closed vulnerabilities in OpenVPN Access Server

User account with default password puts Atlassian Confluence at risk

Atlassian’s Confluence Server and Data Center wiki software are vulnerable. Confluence Cloud is not affected by the vulnerability, the developers assure.

However, systems are only vulnerable if the Q&A application Questions for Confluence app is installed. If this is the case, the app for Confluence Server and Data Center automatically creates an account with the username “disabledsystemuser”. A default password is assigned when it is created, which attackers could obtain with comparatively little effort.

Equipped with this, they could access all unrestricted pages of a wiki by default. In a warning message, the developers classify the vulnerability (CVE-2022-26138) as “critical” a. Atlassian assures that they have not observed any attacks so far.

Admins should check in their Confluence installations whether an account with the following data exists:

  • User: disabledsystemuser
  • Username: disabledsystemuser
  • Email: dontdeletethisuser@email.com

If so, they should act. The versions Questions for Confluence 2.7.34, 2.7.35 and 3.0.2 are specifically affected.

Uninstalling the application does not solve the security problem since the account remains. To secure systems, admins need the repaired Issue 7/2/38 or 3.0.5 to install. Alternatively, you can deactivate or remove the account.

By looking at the list of registered users, one can check whether attackers have already exploited the vulnerability. The developers describe how this works in an article.

(of)

To home page

C++ Special Member Functions: The Webinar by Heise Previous post Good Class Design for C++: The Heise Webinar
Bug fixes and security: watchOS 8.7, tvOS 15.6 and HomePod OS 15.6 available Next post Bug fixes and security: watchOS 8.7, tvOS 15.6 and HomePod OS 15.6 available