Recent Salt Vulnerabilities Exploited to Hack LineageOS, Ghost, DigiCert Servers
2020-05-04 09:00

Over the past several days, hackers have exploited two recently disclosed Salt vulnerabilities to compromise the servers of LineageOS, Ghost and DigiCert.

Last week, F-Secure security researchers disclosed two vulnerabilities in Salt that could allow remote attackers to execute commands as root on the Salt master and its connected minions.

Servers of the LineageOS Android distribution were hit on Saturday, May 2, with the builds and stats servers still impacted by the outage at the time of writing.

"There is no direct evidence that private customer data, passwords or other information has been compromised. All sessions, passwords and keys are being cycled and all servers are being re-provisioned," Ghost noted.

Certificate authority DigiCert admitted on Sunday that attackers were able to exploit the Salt vulnerability and compromise the key that its CT Log 2 uses to sign signed certificate timestamps (SCTs). Other CT logs run on separate infrastructure and were unaffected, Jeremy Rowley, DigiCert Executive VP of Product, revealed.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/WC2FY7GdlLE/recent-salt-vulnerabilities-exploited-hack-lineageos-ghost-digicert-servers

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ghost 2 0 12 5 4 21