OpenSSL site hack wasn't the result of vulnerability exploitation
Posted on 03 January 2014.
After a few days of speculation fuelled by an insufficiently clear explanation, the OpenSSL Foundation has confirmed that the late December defacement of its website happened because of insecure passwords, and not a vulnerability in VMware software.

The website was defaced on December 29 by a group of Turkish hackers who, it seems, changed the site's main page to prove that they could and to gain a reputation.

"Other than the modification to the index.html page no changes to the website were made," the latest notice by OpenSSL says. "No vulnerability in the OS or OpenSSL applications was used to perform this defacement. The source repositories were audited and they were not affected."

After the company initially stated that the attack was executed via a hypervisor, security experts feared that a zero-day vulnerability in VMware software had been exploited.

But VMware was quick to react and reassure them by saying that "the VMware Security Response Center has actively investigated this incident with both the OpenSSL Foundation and their Hosting Provider," and that they "have no reason to believe that the OpenSSL website defacement is a result of a security vulnerability in any VMware products and that the defacement is a result of an operational security error."

"The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP," the OpenSSL Foundation finally confirmed on Friday. "Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server."

"Steps have been taken to protect against this means of attack in future," they added.

