FNAL Critical Vulnerability - Hypernews vulnerabilities may allow for compromise

Patch By: June 19, 2012

Product:Hypernews
Platform: Web Forum Software
Host Remediation: Uninstall if not in use, or prevent offsite access until patches are available. Change authentication from local storage to FNAL Central Authentication (e.g. x.509 KCA certificates). If retaining local authentication, force a password change/reset on ALL accounts to a new value, then have users reset their passwords.
FNAL Site Actions: Implemented controls to prevent offsite access for known FNAL Hypernews installations.

A vulnerability in the Hypernews forum software is being actively exploited. Username and password lists stolen from Hypernews installations are being cracked and posted to the Internet. Hypernews installations at FNAL are to put in place controls preventing offsite access until patches are obtained and applied, and until authentication is attended to. It is recommended that you change your Hypernews authentication to a scheme that uses FNAL central authentication, such as x.509 KCA certificates. If you must retain the use of locally defined usernames/passwords, reset ALL user account passwords and have the users change them to a new value. Since Hypernews is a common resource among science sites, users may well use the same username/password at multiple sites. Because the attackers have stolen password hashes from other Hypernews installations and are cracking them, retaining existing Hypernews passwords may allow an attacker to authenticate to, and exploit, your installation.

Patch URL:
http://hypernews.slac.stanford.edu/hn/download/index.html

For assistance contact servicedesk@fnal.gov.
Information compiled and maintained by Computer Security Team ; last modified on Nov 11, 2011.
(Address comments about page to the Computer Security Team.)