**Flüpke** @fluepke@chaos.social · 2022-07-20T23:10:36Z

Flüpke @fluepke@chaos.social

A friend of mine finally found that jar!

CVE-2022-26138: A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into #Confluence and access all content accessible to users in the confluence-users group

The password is disabled1system1user6708

Source: https://packages.atlassian.com/maven-atlassian-external/com/atlassian/confluence/plugins/confluence-questions/3.0.2/confluence-questions-3.0.2.jar

c933f43e125fa332.jpeg

Jul 20, 2022, 23:10 · · Toot! · · ·

**osmodia** @osmodia@chaos.social · Jul 21, 2022, 04:50

**osmodia** @osmodia@chaos.social · Jul 21, 2022, 04:50

Jul 21, 2022, 04:50

osmodia @osmodia@chaos.social

@fluepke wtf? Default Passwords??

**Dentaku (Thomas Renger)** @dentaku@fnordon.de · Jul 21, 2022, 06:52

**Dentaku (Thomas Renger)** @dentaku@fnordon.de · Jul 21, 2022, 06:52

Jul 21, 2022, 06:52

Dentaku (Thomas Renger) @dentaku@fnordon.de

@fluepke 😱 🤬

**Mohs** @mohs@aachen.social · Jul 21, 2022, 06:58

**Mohs** @mohs@aachen.social · Jul 21, 2022, 06:58

Jul 21, 2022, 06:58

Mohs @mohs@aachen.social

@fluepke das ist ja mal ein super sicheres backdoor passwort.

**maximemelian, nun ohne covid** @smaecks@chaos.social · Jul 21, 2022, 07:08

**maximemelian, nun ohne covid** @smaecks@chaos.social · Jul 21, 2022, 07:08

Jul 21, 2022, 07:08

maximemelian, nun ohne covid @smaecks@chaos.social

@fluepke warum gibt es sowas :( wer macht das

Trending now

Resources

Developers

What is Mastodon?

chaos.social

More…