Insecure Passwords at Hosting Provider Behind OpenSSL Website Defacement

Insecure passwords at the web hosting provider for OpenSSL, the open source toolkit implementing SSL v2/v3 and TLS v1 protocols, were to blame for an attack on Sunday where hackers defaced its homepage.

According to a post mortem by OpenSSL on Friday, the attack was made possible through insecure passwords at its hosting provider, which gave the hacker control of the hypervisor management console and which was used to manipulate its virtual server.

Luckily for OpenSSL and its web hosting provider, Swedish host Indit Hosting, the extent of the damage was the modification to the index.html page. There was no vulnerability in the OS or OpenSSL applications.

Defacements don’t necessarily mean that any other data has been affected by a breach, but if a hacker is able to deface a homepage, it is likely able to do much more damage. Last year, WhatsApp’s homepage was defaced with a pro-Palestine message, and there was concern that user data would also be vulnerable.

OpenSSL said in its post mortem that steps had been taken to protect against this kind of attack in the future, although it isn’t clear what those steps are.