Crime Committed By: An Old PHP Version That Got the User Database Leaked
There has been an update on the PHP source code compromise. As we all know, the PHP code repository was compromised last month: two malicious commits were pushed, the first in the name of PHP’s creator, Rasmus Lerdorf, and the second in Nikita Popov’s name. The team initially suspected that someone had broken into the server.
Then came up a new post by Popov saying, “We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user database leaked.”
– Nikita Popov said
The server that was broken into runs gitolite, which provides the git hosting. Popov found that “these two commits bypassed the gitolite infrastructure entirely,” which led him to suspect a server break-in. Since investigating the weakness and setting up a new server would take time, the team decided to make the PHP repository on GitHub the primary one. The current finding is that the user database was leaked.
The theory rests on what the logs show: the attacker made only a few guesses at usernames, and once the correct username was found, authentication succeeded immediately. The user database was part of “very old code on a very old operating system/PHP version,” said Popov, who added that a vulnerability or weakness “would not be terribly surprising.”
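The log pattern Popov describes (a handful of username guesses, then an immediate success, with no password guessing in between) is the signature of someone who already holds valid credentials and only lacks the username. The script below is an added example, not code from the article or from php.net, that scans constructed authentication log lines in an assumed `timestamp src=… user=… result=OK|FAIL` format and separates that pattern from ordinary password guessing against a single account.

```php
<?php
// Added example (not from the article or php.net). Flags the login pattern the
// post describes: a few distinct username guesses from one source followed by
// an immediate successful authentication. Log format and entries are constructed.
declare(strict_types=1);

const SAMPLE_LOG = <<<'LOG'
2021-03-28T10:00:01Z src=198.51.100.7 user=alice-l result=FAIL
2021-03-28T10:00:03Z src=198.51.100.7 user=alicel result=FAIL
2021-03-28T10:00:05Z src=198.51.100.7 user=alice result=OK
2021-03-28T11:00:00Z src=203.0.113.9 user=bob result=FAIL
2021-03-28T11:00:02Z src=203.0.113.9 user=bob result=FAIL
2021-03-28T11:00:04Z src=203.0.113.9 user=bob result=FAIL
2021-03-28T11:00:06Z src=203.0.113.9 user=bob result=OK
2021-03-28T12:00:00Z src=192.0.2.44 user=carol result=OK
LOG;

/** Parse the constructed log format into events; lines that do not match are skipped. */
function parseLog(string $log): array
{
    $events = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        if (!preg_match('/^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$/', $line, $m)) {
            continue;
        }
        $events[] = ['ts' => strtotime($m[1]), 'src' => $m[2], 'user' => $m[3], 'ok' => $m[4] === 'OK'];
    }
    return $events;
}

/**
 * For every successful login, classify the failures that preceded it from the
 * same source within $windowSeconds:
 *   clean                          - no recent failures
 *   username-guessing-then-success - few failures, every one a different name
 *   password-guessing-then-success - failures repeat the same name(s)
 */
function classifyLogins(array $events, int $windowSeconds = 60, int $maxGuesses = 3): array
{
    $bySrc = [];
    foreach ($events as $e) {
        $bySrc[$e['src']][] = $e;
    }
    $findings = [];
    foreach ($bySrc as $src => $list) {
        usort($list, fn($a, $b) => $a['ts'] <=> $b['ts']);
        $recent = [];
        foreach ($list as $e) {
            // Keep only failures still inside the window relative to this event.
            $recent = array_values(array_filter($recent, fn($f) => $e['ts'] - $f['ts'] <= $windowSeconds));
            if (!$e['ok']) {
                $recent[] = $e;
                continue;
            }
            $n = count($recent);
            $distinct = count(array_unique(array_column($recent, 'user')));
            if ($n === 0) {
                $kind = 'clean';
            } elseif ($distinct === $n && $n <= $maxGuesses) {
                $kind = 'username-guessing-then-success';
            } else {
                $kind = 'password-guessing-then-success';
            }
            $findings[] = ['src' => $src, 'user' => $e['user'], 'failures' => $n, 'kind' => $kind];
            $recent = [];
        }
    }
    return $findings;
}

foreach (classifyLogins(parseLog(SAMPLE_LOG)) as $f) {
    printf("%-15s %-8s failures=%d %s\n", $f['src'], $f['user'], $f['failures'], $f['kind']);
}
```

On the constructed input the first source is reported as username guessing followed by success, the second as password guessing, and the third as clean. The distinction matters for response: the first pattern points at leaked credentials and argues for a forced reset of every account, while the second is handled by lockout or rate limiting on the one account.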
The actions being taken include resetting all passwords and upgrading password storage to bcrypt hashing, which is not compatible with Apache’s HTTP Digest authentication. The code is also being amended to use parameterised queries, to protect against SQL injection attacks.
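The two remediations above, shown side by side with the weak forms they replace, as an added example that is not code from the article or from php.net’s master.php.net: the table layout, the `master.php.net` realm string, the sample user and the use of an in-memory SQLite database through PDO are all assumptions made for the demonstration.

```php
<?php
// Added example (not php.net's code). Contrasts the legacy storage/query forms
// with bcrypt hashing and bound parameters. Table, realm and users are constructed.
declare(strict_types=1);

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    return $db;
}

// Legacy storage: the HTTP Digest "HA1" value md5(user:realm:password), which is
// what Apache needs on disk to verify Digest auth. Unsalted and fast to crack.
function legacyHash(string $name, string $password, string $realm = 'master.php.net'): string
{
    return md5("$name:$realm:$password");
}

// Legacy lookup: the username is concatenated straight into the SQL (weak form).
function legacyLookup(PDO $db, string $name): ?string
{
    $row = $db->query("SELECT pw_hash FROM users WHERE name = '$name'")->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['pw_hash'];
}

// Hardened lookup: bound parameter, so the name is always data, never SQL.
function lookup(PDO $db, string $name): ?string
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['pw_hash'];
}

// bcrypt is salted and slow, and cannot be derived from the old md5 value: that is
// why the migration forces a password reset and why HTTP Digest, which needs the
// raw HA1 on the server, stops working once only bcrypt hashes are stored.
function setPassword(PDO $db, string $name, string $password): void
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    $stmt = $db->prepare('INSERT OR REPLACE INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => $hash]);
}

function login(PDO $db, string $name, string $password): bool
{
    $hash = lookup($db, $name);
    return $hash !== null && password_verify($password, $hash);
}

$db = openDb();
// Seed one user the old way (constructed data) to show the contrast.
$db->prepare('INSERT INTO users VALUES (:n, :h)')
   ->execute([':n' => 'alice', ':h' => legacyHash('alice', 'correct horse')]);

// A username containing a quote: the concatenated query matches a row it should
// not, while the bound query matches nothing.
$probe = "nobody' OR '1'='1";
var_dump(legacyLookup($db, $probe) !== null);
var_dump(lookup($db, $probe) !== null);

// Upgrade the user to bcrypt (what a forced reset does) and check logins.
setPassword($db, 'alice', 'new passphrase');
var_dump(login($db, 'alice', 'new passphrase'));
var_dump(login($db, 'alice', 'correct horse'));
var_dump(substr((string) lookup($db, 'alice'), 0, 4) === '$2y$');
```

`password_hash` with `PASSWORD_BCRYPT` produces a `$2y$` string that embeds its own salt and cost, so nothing else needs storing, and `password_verify` does the constant-time comparison. The probe value only demonstrates why the concatenated form had to go; the bound form treats the same string as an ordinary, non-existent username.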
There is no complete explanation yet of what went wrong, and no single one is likely to be enough. The lesson is that however much security we put around a repository, there is no guarantee that it, or the user databases behind it, will stay safe.
Hello. This post was extremely interesting, especially because I was investigating for thoughts on this issue last Thursday.