Security News > 2021 > April > PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository.
"We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user database leaked," Nikita Popov said in a message posted on its mailing list on April 6.
Php.net server that involved adding a backdoor to the PHP source code in an instance of a software supply chain attack.
"The latter did not use Gitolite, and instead used git-http-backend behind Apache 2 Digest authentication against the master.php.net user database."
"It is notable that the attacker only makes a few guesses at usernames, and successfully authenticates once the correct username has been found. While we don't have any specific evidence for this, a possible explanation is that the user database of master.php.net has been leaked, although it is unclear why the attacker would need to guess usernames in that case."
Php.net authentication system is said to be on a very old operating system and a version of PHP, raising the possibility that the attackers may have also exploited a vulnerability in the software to stage the attack.
News URL
Related news
- EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files (source)
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- PostgreSQL databases under attack (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)