There have already been instances reported of the Salt framework being attacked
by the hackers. To that end, Ghost [https://ghost.org/], a free and open source
blogging platform, has confirmed that it suffered a hack attack. In its status
page, Ghostmentioned [https://status.ghost.org/incidents/tpn078sqk973]that
around 1:30AM UTC on May 3rd, 2020, a hacker exploited a CVE in its saltstack
master to gain access to its infrastructure.
On the page, Ghostmentioned [https://status.ghost.org/incidents/tpn078sqk973]
that the vulnerability affects both Ghost(Pro) sites and Ghost.org billing
services. ?We are able to verify that ? no credit card information is affected,
no credentials are stored in plaintext?, mentioned the Ghost team. It further
added that no direct evidence has been found that private customer data,
passwords or other information have been compromised by the hackers. However,
all sessions, passwords and keys are being cycled and all servers are being
The team also added that it has introduced multiple new firewalls and security
precautions that are causing instability on the network and affecting certain
customer sites. ?Our team is hard at work restoring all sites as quickly as
possible, whilst going to extra lengths to ensure that all customer data is
secured,? mentioned the Ghost team. The company also revealed that as per the
investigation, a critical vulnerability in its server management infrastructure
Saltstack, designated as CVE-2020-11651 and CVE-2020-11652 was used in an
attempt to mine cryptocurrency on the servers.
These two vulnerabilities had been uncovered by F-Secure researchers in the Salt
framework, a python-based, open source configuration management framework that
monitors and updates data centre servers. These vulnerabilities described in the
advisory allows an attacker who can connect to the ?request server? port to
bypass all authentication and authorization controls. SaltStack engineers
patched the vulnerabilities inrelease 3000.2.
Recently, LineageOS, a free and open-source operating system for different
devices based on Android, was also?attacked by hackers?who used a CVE in its
saltstack master. Currently, there are over 6,000 instances of salt servers
exposed to the public Interne, revealed F-Secure researchers.
?A scan by the security firm, who identified the vulnerability, identified
approximately 6000 instances of exposed Salt masters. This represents a very
small portion of the install base. Clients who have followed fundamental
internet security guidelines and best practices are not affected by this
vulnerability,? said Peay.
Also Read | Asian Institutions Are Finally Warming to Crypto Hedge Funds
Also Read | Bitcoin halving could lead to longer-term rally, says Binance.US CEO