Database Security Digest – February 2017

The time has come to introduce you to the latest news in the sphere of database security.

Ransom attacks switched to MySQL

Ransomware attacks on misconfigured MongoDB and CouchDB continued. Blackmailers have also started targeting MySQL databases. The attack scheme remains pretty simple: detect a database with default settings, brute-force the ‘root’ password, delete the database content and demand financial support for restoring the data.

This kind of attack can be easily avoided, if you apply the basic security measures:

  • Install the latest version of your RDBMS.
  • Do not leave the default password for root users. Assign strong combination for passwords, use random password generators.
  • Minimize internet facing services.
  • Implement activity monitoring tools to be aware of the current situation of your internet-accessible servers.

SQL injection vulnerability in WordPress

A severe remotely exploitable vulnerability has been found in NextGEN Gallery plugin of WordPress. It allows an unauthenticated user to inject an SQL code and retrieve sensitive data from victim’s website database, including hashes of WordPress user passwords. Affected websites are those that use NextGEN Basic TagCloud Gallery or if it is allowed for users to submit posts.

SQL injection is made possible due to invalid validation of query parameters. As a result, the info typed by a user will be added to the SQL query without the correct filtration. The vulnerability has been patched in NextGEN Gallery 2.1.79.

Leaking Cloudflare

Cloudflare provides Internet security and performance services to millions of websites. It turned out the CloudFlare service had a huge bug and it was leaking sensitive data from September 2016 through February 2017.

According to Cloudflare reports, the problem occurred in HTML parser presenting in the following three features: Automatic HTTP Rewrites, Email Obfuscation, Server-Side Excludes. The bug caused buffer overflow on the edge servers, thus they returned memory containing private information such as authentication tokens, HTTP cookies, HTTP POST bodies and some other critical data. All the three features causing memory leakage have bee