
Apache Struts: Months-old security gap led to Equifax hack

Thursday, September 14th, 2017 | Gadgets

A security gap that had already been patched for several months at the time of the Equifax hack enabled the theft of data on up to 140 million customers, according to the scoring service. In addition, security gaps were discovered on other Equifax sites.

The vulnerability in Apache Struts is tracked as CVE-2017-5683 and was patched in March this year. The hack of the Equifax web application started in May, around two months after the patch became available. Apache Struts is a framework for developing Java applications for the front end and back end.

Applications need to be rebuilt

The update comes with some difficulties. After the actual update for Struts, all applications on the respective server have to be rebuilt. Despite the effort, the bug should have been patched immediately: security researchers warned as early as March that criminals could execute arbitrary code by exploiting the vulnerability. In addition, an exploit was already available in March, which can also be used via Metasploit.
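Because every application has to be rebuilt, updating the framework in one place does not show which deployed applications still carry the old copy. The following added example (not from the article or from Equifax) inventories deployed WAR files for a bundled Struts core jar older than the fixed release. It assumes the usual `WEB-INF/lib/struts2-core-<version>.jar` layout; the fixed version is supplied by the caller from the vendor advisory, and all version numbers and application names are constructed placeholders.

```python
import io
import re
import zipfile

# Assumption: each WAR bundles its own copy as WEB-INF/lib/struts2-core-<version>.jar
JAR_RE = re.compile(r"^WEB-INF/lib/struts2-core-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def bundled_struts_versions(war):
    """Return every Struts core version bundled in one WAR (path or file object)."""
    with zipfile.ZipFile(war) as archive:
        hits = (JAR_RE.match(name) for name in archive.namelist())
        return sorted((m.group(1) for m in hits if m), key=parse_version)


def apps_needing_rebuild(wars, fixed_version):
    """Map app name -> bundled versions older than fixed_version (from the advisory)."""
    fixed = parse_version(fixed_version)
    stale = {}
    for app, war in wars.items():
        old = [v for v in bundled_struts_versions(war) if parse_version(v) < fixed]
        if old:
            stale[app] = old
    return stale


def make_war(*jar_versions):
    """Build a constructed in-memory WAR for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for version in jar_versions:
            archive.writestr(f"WEB-INF/lib/struts2-core-{version}.jar", b"")
    return buf


# Constructed sample: placeholder version numbers, not real affected releases.
SAMPLE_WARS = {
    "disputes": make_war("9.9.1"),   # still bundles the pre-fix copy
    "reports": make_war("9.10.0"),   # newer than the fix; a string compare would misjudge it
    "static-site": make_war(),       # no Struts at all
}

if __name__ == "__main__":
    for app, versions in apps_needing_rebuild(SAMPLE_WARS, "9.9.2").items():
        print(f"{app}: rebuild required, bundles struts2-core {versions}")
```

Run against the real deployment directory, an empty result after the rebuild is the evidence that the patch actually reached every application.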

The journalist Brian Krebs also reported that one site of Equifax's Latin American division has massive security problems. The employee portal was secured only with the not particularly creative combination of "admin / admin" as username and password. Personal data of employees could be read out through the portal. It turned out that all Equifax employees in Argentina have a password identical to their user name. The site has now been taken offline.

Like Schufa or Arvato Infoscore, Equifax manages sensitive customer data on creditworthiness in Germany. The company has been criticized by numerous experts for its reaction to the hack.
