Apache.org services attacked

The Apache Infrastructure Team has reported a direct, targeted attack against the server hosting their issue-tracking software. “If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised. JIRA and Confluence both use a SHA-512 hash, but without a random salt. We believe the risk to simple passwords based on dictionary words is quite high, and most users should rotate their passwords. Bugzilla uses a SHA-256, including a random salt.

Read more at LWN.net

Comments are closed.