Hacker News new | past | comments | ask | show | jobs | submit login
FBI: Hackers stole Source Code of US Agencies due to SonarQube misconfiguration [pdf] (ic3.gov)
23 points by aschatten 20 days ago | hide | past | favorite | 3 comments

During the initial attack phase, cyber actors scan the internet for SonarQube instances exposed to the open Internet using the default port (9000) and a publicly accessible IP address. Cyber actors then use default administrator credentials (username: admin, password: admin) to attempt to access SonarQube instances.

Given how often this happens, not having a default password and forcing users to set it should be a standard practice these days. Relying on administrators of the instance doing the right thing obviously keeps failing, thus an option to do the wrong thing should be removed completely.

I did discover a SonarQube instance at $work open to the internet, default credentials too...

Developers are good at copy/pasting commands.

We're not an US Agency, but it seems those things happen eventually.

How does this happen? Who writes the firewall rules to map these ports?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact