GitHub picks Friday 13th to kill off password-based Git authentication
2021-08-12 23:20

If your Git operations with GitHub start failing on Friday, August 13, it may well be because you're still using password authentication - and you need to change that.

In December, the source-code-hosting giant warned it would end password-based authentication for Git pushes and the like.

You'll need to use authentication tokens to complete your Git operations with GitHub.

In July, Microsoft patched CVE-2021-34473, an ACL bypass hole in Exchange Server, and CVE-2021-34523, an elevation-of-privilege flaw in the Exchange PowerShell backend; in May, it patched CVE-2021-31207, an Exchange Server security feature bypass vulnerability.

Now, as spotted by security experts and Bleeping Computer, scumbags are scanning the internet for vulnerable Exchange servers, seemingly in the hope of backdooring them using ProxyShell exploit code, most likely with the intent of running ransomware, pivoting to other machines on the network, and/or exfiltrating information.

The related ProxyLogon exploit chain was also used to inject ransomware into unpatched Microsoft Exchange servers.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/12/git_proxyshell_gigabyte/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-14 | CVE-2021-34523 | Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Elevation of Privilege Vulnerability (local, low complexity; microsoft; CWE-287) | critical 9.0 |
| 2021-07-14 | CVE-2021-34473 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Remote Code Execution Vulnerability (network, low complexity; microsoft; CWE-918) | critical 9.1 |
| 2021-05-11 | CVE-2021-31207 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019. Microsoft Exchange Server Security Feature Bypass Vulnerability (network, high complexity; microsoft; CWE-434) | 6.6 |

Related vendor

| VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|
| Github | 13 | 3 | 43 | 30 | 17 | 93 |
| GIT | 2 | 0 | 3 | 4 | 2 | 9 |