November 5, 2020 12:10 am

Configuration Snafu Exposes Passwords For Two Million Marijuana Growers

An anonymous reader quotes a report from ZDNet: GrowDiaries, an online community where marijuana growers can blog about their plants and interact with other farmers, has suffered a security breach in September this year. The breach occurred after the company left two Kibana apps exposed on the internet without administrative passwords. Kibana apps are normally used by a company's IT and development staff, as the app allows programmers to manage Elasticsearch databases via a simple web-based visual interface. Due to its native features, securing Kibana apps is just as important as securing the databases themselves. But in a report published today on LinkedIn, Bob Diachenko, a security researcher known for discovering and reporting unsecured databases, said GrowDiaries failed to secure two of its Kibana apps, which appear to have been left exposed online without a password since September 22, 2020. Diachenko says these two Kibana apps granted attackers access to two sets of Elasticsearch databases, with one storing 1.4 million user records and the second holding more than two million user data points. The first exposed usernames, email addresses, and IP addresses, while the second database also exposed user articles posted on the GrowDiaries site and users' account passwords. While the passwords were stored in a hashed format, Diachenko said the format was MD5, a hashing function known to be insecure and crackable (allowing threat actors to determine the cleartext version of each password). The company secured its infrastructure five days after Diachenko reported the exposed Kibana apps on October 10. It's unknown if someone else accessed the databases to download user data.



Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/PgREpEmTolE/configuration-snafu-exposes-passwords-for-two-million-marijuana-growers
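The report says the exposed account passwords were stored as MD5 hashes. As an added example (not code from the report, ZDNet, or GrowDiaries), the Python below shows one common mitigation for a user table in that state: verify a login against the legacy MD5 digest, then immediately replace it with a salted PBKDF2-HMAC-SHA256 record. The record format, iteration count, function names, and sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware
LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")  # bare, unsalted MD5 hex digest

def hash_password(password: str) -> str:
    """Return a salted record in the assumed form scheme$iters$salt$digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_and_upgrade(password: str, stored: str):
    """Check a login attempt; return (ok, replacement_record_or_None)."""
    if LEGACY_MD5.match(stored):
        candidate = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(candidate, stored):
            return False, None
        # Correct password on a legacy row: issue a salted, slow-KDF record.
        return True, hash_password(password)
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False, None  # unknown or malformed record: reject
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(parts[2]), int(parts[1]))
    return hmac.compare_digest(dk.hex(), parts[3]), None

def legacy_accounts(users: dict) -> list:
    """List accounts whose stored record is still a bare MD5 digest."""
    return sorted(u for u, rec in users.items() if LEGACY_MD5.match(rec))

def login(users: dict, user: str, password: str) -> bool:
    """Authenticate and persist the upgraded record when one is issued."""
    ok, new_record = verify_and_upgrade(password, users[user])
    if ok and new_record:
        users[user] = new_record
    return ok

# Constructed sample table (not data from the incident).
USERS = {
    "alice": hashlib.md5(b"correct horse").hexdigest(),
    "bob": hashlib.md5(b"hunter2").hexdigest(),
}

if __name__ == "__main__":
    print(login(USERS, "alice", "correct horse"), legacy_accounts(USERS))
```

Accounts that never log in again keep their MD5 digest, so the output of `legacy_accounts` is the list to put through a forced password reset.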
