OpenSSL site hack wasn't the result of vulnerability exploitation
Posted on 03 January 2014.
After a few days of speculation fuelled by an insufficiently clear explanation, the OpenSSL Foundation has confirmed that the late December defacement of its website happened because of insecure passwords, and not because of a vulnerability in VMware software.

The website was defaced on December 29 by a group of Turkish hackers who, it seems, changed the site's main page to prove that they could and to gain a reputation.

"Other than the modification to the index.html page no changes to the website were made," the latest notice by OpenSSL says. "No vulnerability in the OS or OpenSSL applications was used to perform this defacement. The source repositories were audited and they were not affected."

After the company initially stated that the attack was executed via a hypervisor, security experts feared that a zero-day vulnerability in VMware software had been exploited.

But VMware was quick to react and reassure them by saying that "the VMware Security Response Center has actively investigated this incident with both the OpenSSL Foundation and their Hosting Provider," and that they "have no reason to believe that the OpenSSL website defacement is a result of a security vulnerability in any VMware products and that the defacement is a result of an operational security error."

"The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP," the OpenSSL Foundation finally confirmed on Friday. "Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server."

"Steps have been taken to protect against this means of attack in future," they added.

