CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

DigitalOcean Warns of Vulnerability Affecting Cloud Users

DigitalOcean is warning customers that some 1-Click applications running MySQL have an account with the same default password across all instances, and the company says the issue affects other cloud providers as well.

DigitalOcean is warning customers that some 1-Click applications running MySQL have an account with the same default password across all instances, and the company says the issue affects other cloud providers as well.

DigitalOcean customers reported on social media that they received an email recommending that they run a script to determine if their Droplets – the name used by the company for its cloud servers – are affected by the vulnerability.

The company allows its users to deploy pre-built and pre-configured applications with only one click. The list of 1-Click (One-Click) applications includes Node.js, Rails, Redis, MongoDB, Docker, GitLab, Magento and many others.

DigitalOcean discovered that 1-Click applications running MySQL on Debian and Ubuntu create a MySQL user named “debian-sys-maint” that has the same password on all Droplets created from a 1-Click image.

The “debian-sys-maint” user is designed for local administration purposes and it should have a random password. However, due to a bug, all instances of an application created from the same 1-Click image have the same password.

DigitalOcean said the vulnerability, which is “potentially remotely exploitable,” affects MySQL and several other applications that use MySQL, including PHPMyAdmin, LAMP, LEMP, WordPress and OwnCloud.

“We will be issuing a public notice regarding this issue, but first wanted to ensure our impacted users had time to take action,” the company said in its email to customers. “As part of our verification process, we have discovered that images on other cloud providers also have this mis-configuration.”

DigitalOcean has provided a script that allows users to determine if their Droplets are affected and updates their password if needed. The script works on Ubuntu 14, 16 and 17, and Debian 7 and 8; Debian 9 is not impacted.

Advertisement. Scroll to continue reading.

Customers who have changed the password for the “debian-sys-maint” user after installation of a 1-Click app are not affected by the flaw and they don’t need to take any action.

“We have changed our 1-Clicks to ensure that all future Droplets will have unique, auto-generated passwords for this user,” DigitalOcean said.

Related Reading: Cloudflare Leaked Sensitive Customer Data

Related Reading: Oracle Improves Cloud Security Offering

Related Reading: Cloud Security Firm ShieldX Emerges From Stealth

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.