Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Drupal Forces Password Resets After Breach Discovery

Drupal.org, home to one of the Web’s most popular Content Management System (CMS) platforms, has issued an alert to community members and reset all account passwords after their infrastructure and security teams discovered malicious files on a server.

Drupal.org, home to one of the Web’s most popular Content Management System (CMS) platforms, has issued an alert to community members and reset all account passwords after their infrastructure and security teams discovered malicious files on a server.

According to the notice posted on Wednesday, the Drupal.org Security Team discovered malicious files on association.drupal.org servers, which were placed there by attackers who targeted a third-party application used by that site. Drupal stressed that the incident doesn’t reflect any sort of vulnerability with the Drupal platform itself.

The malicious files discovered may have exposed user information stored on Drupal.org and groups.drupal.org, including usernames, email addresses, and country information, as well as hashed passwords. As a precaution, Drupal has reset all account passwords, and users will be forced to change them on their next login. Credit card information is not stored by Drupal, the organization said, and they have seen no evidence that suggest that such details were intercepted by the attackers.

“However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly,” they said.

Drupal said that while all of the latest stored passwords are salted and hashed, a process that makes cracking them extremely difficult assuming the attackers didn’t have access to the salts, some older passwords on groups.drupal.org were not salted.

Their advisory also warns users to “be cautious” should they receive e-mails asking for personal information and “be on the lookout for unwanted spam.” Likewise, users should be immediately suspicious of emails that threaten account closures for failure to take immediate action to provide personal information.

At present, there have been no reports online or by Drupal of people seeing such emails.

“We would also like to acknowledge that we are conducting an investigation into the incident, and we may not be able to immediately answer all of the questions you may have. However, we are committed to transparency and will report to the community once we have an investigation report,” the advisory adds.

In addition to password resets, Drupal said they also they hardened Apache configurations, and created static copies of sites that were no longer going to receive feature or content updates to minimize maintenance.

Additional details are available here

Written By

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.