Monday, September 26, 2022
HomeNewsGitlab releases patch for critical vulnerability that could let attackers hijack accounts
Sponsored Links
News

Gitlab releases patch for critical vulnerability that could let attackers hijack accounts

By Cpho masinger
0
4
How Do Hackers Get Passwords?
How Do Hackers Get Passwords?

GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords.

The bug (discovered internally and tracked as CVE-2022-1162) affects both GitLab Community Edition (CE) and Enterprise Edition (EE).

and Enterprise Edition (EE).

Beastmode botnet boosts DDoS power with new router exploits
This flaw results from static passwords accidentally set during OmniAuth-based registration in GitLab CE/EE.

“A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts,” the GitLab team explained in a security advisory published on Thursday.

Popular Stories Right now
Kaizer Chiefs’ Powerful line-up with the new signings
Kaizer Chiefs latest: Zwane makes a statement on Khune’s future
Could Benni McCarthy be able to coach Amakhosi this time??

GitLab urged users to immediately upgrade all GitLab installations to the latest versions (14.9.2, 14.8.5, or 14.7.7) to block potential attacks.

“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” they said.

A code commit submitted two days shows that GitLab deleted the ‘lib/gitlab/password.rb’ file, which was used to assign a weak hardcoded password to the ‘TEST_DEFAULT’ constant.

GitLab also added that it reset the passwords of a limited number of GitLab.com users as part of the CVE-2022-1162 mitigation effort.

It also found no evidence that any accounts have been compromised by attackers using this hardcode password security flaw.

“We executed a reset of GitLab.com passwords for a selected set of users as of 15:38 UTC,” the GitLab team said.

“Our investigation shows no indication that users or accounts have been compromised but we’re taking precautionary measures for our users’ security.”

When asked to share the number of Gitlab.com users who had their passwords reset, a GitLab spokesperson shared the info already available in the advisory telling BleepingComputer that they only did it for “a selected set of users.”

Photos Source Beker

Previous articleKaizer Chiefs player Njabulo Ngcobo rates his Midfield Role
Next articleCould Benni McCarthy be able to coach Amakhosi this time??
Cpho masingerhttps://mygeniusinsider.com/
Wordpress developer
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Load more

Recent Comments

Former Chiefs Player Is Expected To Return... - SS Football News on Kaizer Chiefs’ Bimenyimana says he won’t make ‘Pirates signal’ again in SA
Kaizer Chiefs head coach set to Coach south Africa National Team - SS Football News on Kaizer Chiefs’ Bimenyimana says he won’t make ‘Pirates signal’ again in SA
Kaizer Chiefs planning to promote two Youngstars from their development ranks - SS Football News on Kaizer Chiefs’ Bimenyimana says he won’t make ‘Pirates signal’ again in SA
Kaizer Chiefs target Junior Mendieta drops a huge Kaizer Chiefs hint - SS Football News on 🙆🏿‍♂️🗣 Khune reveals how he lost shape 
Former Kaizer Chiefs coach has apologised to Kaizer Chiefs Supporters - SS Football News on 🙆🏿‍♂️🗣 Khune reveals how he lost shape 
Reason Why Billiat and Four Others missed the draw at Gallants on Kaizer Chiefs coach Zwane latest issues update on Billiat injury
Kaizer Chiefs coach Zwane latest issues update on Billiat injury on Reason Why Billiat and Four Others missed the draw at Gallants
Kaizer has announced the death of player’s father on Zwane must fall?Some fans of the Kaizer Chiefs football team are upset over the recent draw
Zwane must fall?Some fans of the Kaizer Chiefs football team are upset over the recent draw on Pitso Mosimane is interested in signing one of Kaizer Chiefs’ top stars to join Percy Tau at..
Mark on Benni McCarthy joins Man United as coach
South Africans have been advised to stop using using Public WIFI when using their banking apps on SASSA not processing new applications for the R350 Covid grant
Kaizer Chiefs vs Amazulu: MTN 8 on Could Benni McCarthy be able to coach Amakhosi this time??
Gal Jerman on SA cyberspace is under attack by China-linked group that targets job hunters
Rain has reportedly formally requested to present the Telkom board with a proposal to.. on What are NFTs | How to Buy or Sell NFTs?
Du Preez - he was there but we know that he could have done better on It’s a hard pill to swallow for the khosination 😭😭
Digital bank TymeBank says it is set to bolster its business banking offering with a series of new initiatives on Capitec users are still being struck by a significant service outage since Thursday
MohaleOTR: Mohale Goes On The Record, Talks Failed Relationship With Somizi And More on Mohale Motaung opens up about his marriage to the media
Mohale Motaung opens up about his marriage to the media on MohaleOTR: Mohale Goes On The Record, Talks Failed Relationship With Somizi And More
A star from Mozambique has started training with Kaizer Chiefs. The news was confirmed by the club on Thursday. on Kaizer Chiefs’ Powerful line-up with the new signings
Costa Keobatlile on Kaizer Chiefs’ Powerful line-up with the new signings
Kaizer Chiefs’ Powerful line-up with the new signings on Amakhosi’s Solomons Breaks Silence On Royal AM battle
Kaizer Chiefs’ Powerful line-up with the new signings on The MTN8 QF Fixtures Confirmed!
The MTN8 QF Fixtures Confirmed! on Kaizer Chiefs goalkeeper Itumeleng Khune is one of the longest serving players still involved in the game
The MTN8 QF Fixtures Confirmed! on Kaizer Chiefs latest: Zwane makes a statement on Khune’s future
PERCY TAU’S EMPHATIC GOAL DENIED BY VAR! [VIDEO] on Kaizer Chiefs latest: Zwane makes a statement on Khune’s future
Kaizer Chiefs latest: Zwane makes a statement on Khune’s future on Kaizer Chiefs interest and Sekhukhune deal
Kaizer Chiefs interest and Sekhukhune deal on Why Kaizer Chiefs lost out to Sekhukhune United
Advertisements

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

ABOUT US

Newspaper is your news, entertainment, music fashion website. We provide you with the latest breaking news and videos straight from the entertainment industry.

FOLLOW US

© My Genius Insider by The Genius, Inc.

MORE STORIES

Kaizer Chiefs coach gives squad update for Macufe Cup!

TheeGenius007 - 0
The FANtastic match, which used to take place between Bloemfontein Celtic and the Amakhosi at the annual Macufe Festival will see a new participant. Kaizer...

Kaizer Chiefs’ transfers: can this result to a decade of flops?

TheeGenius007 - 0
An unsuccessful period in Kaizer Chiefs' history appears to be reflected in their transfer dealings over the past ten years. It’s a very difficult job...

after an emotional video of the veteran actor started trending on...

TheeGenius007 - 0
Legendary ‘Emzini Wezinsizwa’ thespian begs for donations This after an emotional video of the veteran actor started trending on social media platforms, where he is...

Latest Kaizer Chiefs news: A transfer window to forget as Kermit...

TheeGenius007 - 0
Orlando Pirates have pulled off a major transfer coup after Chiefs were linked to Romeo throughout the window. Kaizer Chiefs fans will have been satisfied...

Bobby Motaung responds to calls for Erasmus

Cpho masinger - 0
Erasmus has been the topic of plenty of speculation after he fell out of favour at Sundowns, with the club also handing his jersey...

Here are Messi’s nine ‘shocking’ requests to renew his Barcelona contract...

TheeGenius007 - 0
Messi’s release clause in 2020 was reportedly €700 million. He wanted it removed, even though a symbolic clause of €10,000 would remain. Barcelona refused...