Unauthorised access prompts password reset for Drupal

The security team behind open source CMS Drupal has announced that unauthorised access was gained to account information on its website, Drupal.org.

The news may be a timely reminder for Australian organisations concerned about their ICT security to step up their vulnerability management to prevent similar incidents occurring.

In a blog post published May 29, Drupal executive director Holly Ross announced that their security team and infrastructure team had discovered the unauthorised access, which was accomplished using third-party software installed on the Drupal.org server.

As a result, personal account holder information such as usernames, email addresses, hashed passwords and country information was exposed, prompting a reset of all user passwords.

"Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files," the blog post reads.

"The Drupal security team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability."

Security audits can be very helpful in picking up potential flaws such as this before they can be exploited against your company.

Securus Global is highly experienced at undertaking comprehensive security assessments for organisations, using penetration testing to help identify and resolve any gaps in the security of your ICT networks.
