Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software
Now it appears Kaseya's customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.
On July 3, the REvil ransomware affiliate program began using a zero-day security hole to deploy ransomware to hundreds of IT management companies running Kaseya's remote management software - known as the Kaseya Virtual System Administrator.
According to this entry for CVE-2021-30116, the security flaw that powers that Kaseya VSA zero-day was assigned a vulnerability number on April 2, 2021, indicating Kaseya had roughly three months to address the bug before it was exploited in the wild.
Holden said the 2015 vulnerability was present on Kaseya's customer portal until Saturday afternoon, allowing him to download the site's "Web.config" file, a server component that often contains sensitive information such as usernames and passwords and the locations of key databases.
In a video posted to YouTube on July 6, Kaseya CEO Fred Voccola said the ransomware attack had "Limited impact, with only approximately 50 of the more than 35,000 Kaseya customers being breached."
The zero-day vulnerability that led to Kaseya customers getting ransomed was discovered and reported to Kaseya by Wietse Boonstra, a researcher with the Dutch Institute for Vulnerability Disclosure.
Related Vulnerability
| Date | CVE | Vulnerability title | Risk (CVSS) |
|---|---|---|---|
| 2021-07-09 | CVE-2021-30116 | Insufficiently Protected Credentials vulnerability in Kaseya VSA Agent and VSA Server. Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. | 9.8 |