Canonical Ubuntu Forum Database Compromised as Hacker Gained Unauthorized Access

Written by Aragonian

In this day and age, hackers have become more sophisticated, forcing firms that handle large amounts of user data (passwords and usernames) to put up well-fortified walls to guard the valuable data stored in their servers and databases.

Despite huge efforts that include the investment of time and money, hackers always seem to find loopholes to exploit, as was the case with a recent security breach experienced by Canonical on its Forums database.

On Friday, 14 July, the Ubuntu Forums database was compromised by a hacker who managed to gain unauthorized access, blazing past the security barriers put in place to deal with situations like this.

Canonical immediately launched an investigation to determine the actual point of the attack and how much user data was compromised. It was confirmed that someone indeed gained access to the Forums’ database through an attack that occurred at 20:33 UTC on July 14, 2016, and the attacker was able to do so by injecting specially formatted SQL into the database servers housing the Ubuntu Forums.

“Deeper investigation revealed that there was a known SQL injection vulnerability in the Forumrunner add-on in the Forums which had not yet been patched,” said Jane Silber, Canonical CEO. “This gave them the ability to read from any table but we believe they only ever read from the ‘user’ table.”

According to the report posted on insights.ubuntu.com, the attacker gained the ability to read from any table, but further investigation led the team to believe that they only ever read from the “user” table.
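To make the bug class concrete, here is an added example (not Canonical's or vBulletin's code) of a username lookup against a constructed, in-memory stand-in for a forum “user” table, written first the injectable way and then with a bound parameter; the table layout and sample rows are assumptions for illustration only.

```python
import sqlite3

# Constructed sample rows (assumption): modelled loosely on the fields the
# article says were exposed (username, email, IP) plus a password column
# holding a random salted string rather than a usable password, as an
# SSO-backed forum would store.
SAMPLE_USERS = [
    ("alice", "alice@example.org", "203.0.113.5", "salt1$3c9f2a7d"),
    ("bob", "bob@example.org", "203.0.113.9", "salt2$b81e44f0"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT, email TEXT, ip TEXT, password TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    # Building SQL by string concatenation: the input becomes part of the
    # query grammar, so a crafted value can rewrite the WHERE clause and
    # return rows the caller never intended to expose.
    sql = "SELECT username, email, ip FROM user WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # Bound parameter: the driver passes the value separately from the SQL
    # text, so it can only ever be compared as a literal string.
    sql = "SELECT username, email, ip FROM user WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    conn = make_db()
    benign = "alice"
    # Textbook tautology input, used only to contrast the two behaviours.
    crafted = "x' OR '1'='1"
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_crafted": lookup_vulnerable(conn, crafted),
        "safe_benign": lookup_parameterized(conn, benign),
        "safe_crafted": lookup_parameterized(conn, crafted),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, len(rows), "row(s)")
```

A web application firewall such as the ModSecurity deployment mentioned later in the article can block the obvious payload shapes, but only the parameterized form removes the flaw itself.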

This access allowed the hackers to download a “portion” of the user table containing the usernames, email addresses and IP addresses of over two million users. Canonical reassured everyone that no active passwords were accessed, because the passwords stored in the table were random strings and the Ubuntu Forums use what is called “Single Sign On” for user logins.

The attacker did download the respective random strings but fortunately, those strings were salted. To put everyone at ease, Canonical said that the attacker was not able to access the Ubuntu code repository, the update mechanism, any valid user password, or gain remote SQL write access to the database.

Furthermore, the attacker was not able to gain access to any of the following: Ubuntu Forums app, the front-end servers, or any other Ubuntu or Canonical services.

To prevent similar breaches in the future, Canonical installed ModSecurity, a Web Application Firewall, on the forums and improved the monitoring of vBulletin.

About the author

Aragonian

Aragonian is a nocturnal being who favors his nights with long gaming sessions and horror movies while he scours the internet for what's trending in the tech industry by day. He adores Linux as a platform and is always happy to cover what's trending in Linux and the open source world on TecMint.