Connect with us

PressRelease

Critical GitLab flaw permits account takeover by attackers

Published

on

Critical GitLab flaw permits

GitLab has patched a severe severity flaw that may have let remote attackers exploit hardcoded passwords to seize control of user accounts.

Both the Community Edition (CE) and Enterprise Edition of GitLab are impacted by the flaw, which was identified internally and is designated CVE-2022-1162 (EE).

During OmniAuth-based registration in GitLab CE/EE, static passwords were unintentionally set, which led to this vulnerability.

In a security advisory released on Thursday, the GitLab team stated that “a hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts.”

In order to thwart such assaults, GitLab strongly advised users to update their GitLab installations right away to the most recent versions (14.9.2, 14.8.5, or 14.7.7).

We STRONGLY RECOMMEND UPGRADING TO THE LATEST VERSION AS SOON AS POSSIBLE FOR ALL INSTALLATIONS RUNNING A VERSION AFFECTED BY THE ISSUES DESCRIB

A code patch made two days ago reveals that GitLab removed the ‘lib/gitlab/password.rb’ file, which was used to give the ‘TEST DEFAULT’ constant a shoddy hardcoded password.

Some GitLab users had their passwords reset.
GitLab also stated that as part of the CVE-2022-1162 mitigation effort, it reset a select few GitLab.com users’ passwords.

Additionally, it did not discover any proof that any accounts had been hacked by hackers exploiting the hardcoded password security weakness.

As of 15:38 UTC, “We completed a reset of GitLab.com passwords for a chosen selection of users,” the GitLab staff stated.

Although there is no evidence to suggest that users’ or accounts’ security has been compromised, we are nonetheless taking precautions for our users’ safety.

A GitLab representative provided the information previously included in the alert with BleepingComputer when asked how many Gitlab.com users had their passwords changed, adding that they only did so for “a limited group of people.”

A programme to recognise impacted user accounts
GitLab has developed a script that self-managed instance administrators may use to find user accounts that might be affected by CVE-2022-1162, despite the fact that the firm claims no user accounts have been compromised so far.

Administrators are urged to reset the users’ passwords after identifying any user accounts that could have been impacted.

GitLab claims that over 100,000 businesses utilise its DevOps platform, and it has over 30 million estimated registered users from 66 different nations.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

five × 4 =

PressRelease

What is faze save kidshaywarddecrypt?

Published

on

By

faze save kidshaywarddecrypt

“Faze Save Kidshaywarddecrypt” likely refers to a meme or joke within the gaming community.

Esports faze save

“Faze Clan” is a professional esports and entertainment organization, primarily known for their presence in the Call of Duty and Counter-Strike: Global Offensive scenes. “Faze Save” could refer to a clutch play or a significant moment in a match where a player from the Faze Clan saved the round for their team. However, without more context, it’s difficult to determine the specific meaning of “Faze Save.”

Several players of the popular esports FaZe clan were suspended recently for promoting a controversial cryptocurrency called Save The Kids. Save The Kids was advertised as an alternative to Dogecoin and Etherium, and it promised to donate a portion of the proceeds to a charity. The controversy caused a huge backlash from fans, who slammed the clan for its shady business practices.

The members of FaZe Clan have denied being involved with the scheme, but anyone found to be involved in the scheme could face serious consequences. FaZe Clan’s reputation could be ruined, and potential sponsors could be discouraged from working with the group.

Faze clan save

“Faze Clan Save” could refer to a clutch play or a significant moment in a match where a player from the Faze Clan saved the round for their team. It might be used to describe a play that was critical to the outcome of a match and helped secure a win for Faze Clan.

faze save the kids

“Save the Kids” is a phrase that has become popular in internet culture and is often used as a hashtag or meme. The exact meaning of “Save the Kids” varies depending on the context, but it generally refers to a call to action or a show of support for a cause, often related to children’s rights, safety, or well-being.

In the context of “Faze Save the Kids”, it’s possible that it is a reference to the Faze Clan supporting the “Save the Kids” cause or using the phrase as a rallying cry within the gaming community. However, without more context, it is difficult to determine the exact meaning.

Continue Reading

PressRelease

Sources:On Monday, Facebook will reveal a range of music products, such as a Clubhouse-like app, a podcast discovery service integrated with Spotify, and more. (Vox, Peter Kafka)

Published

on

sources monday spotifykafkavox

Sources:On Monday, Facebook will reveal a range of music products, such as a Clubhouse-like app, a podcast discovery service integrated with Spotify, and more. (Vox, Peter Kafka)

Peter Kafka / Vox:

Several audio products, including a Clubhouse-like app, a podcast finding service integrated with Spotify, and more, will be unveiled by Facebook on Monday, according to sources. On Monday, there will be announcements, although some things won’t be available for some time. — Facebook wants you to start communicating with others on the site.

Continue Reading

PressRelease

ByteDance’s founder Zhang Yiming steps down as Executive Chairman

Published

on

Zhang Yiming
The founder of TikTok’s parent company ByteDance founder Zhang Yiming has stepped down as chairman after announcing last May he was resigning as CEO and moving into a strategy role. New CEO Liang Rubo has taken over as chairman of the company’s board. The news comes shortly after the company announced a major organisational reshuffle at ByteDance to create six separate business units.
Continue Reading

Trending