Last week our FullSail Systems Tech Staff patched all our data center instances immediately after a security patch had been released by the Webmin team.
This patch closed a recently found zero-day exploit which used the password checking mechanism in Webmin to passcode through to the Linux system.
This vulnerability could open a backdoor for the attacker, granting them access to the system.
Even though this vulnerability could be found on the FSS infrastructure, it did not expose FSS data centers. FSS Security is based on Two-Factor Authentification (2FA) supported by Yubikey/Yubico. This means even if the password could have been leveraged the attacker would need to pass the 2FA mechanism.
Security is FullSail Systems number one priority and we work around the clock to be ahead of these situations.
Read more about it here: https://www.theregister.co.uk/2019/08/19/webmin_project_zero_day_patch/
Wednesday, August 21, 2019