As a follow-up to the security incident of March 29th, 2024, we have conducted an investigation into possible scenarios in which the leaked information could have been used. At this point in time we have no indication whatsoever that the exploit was used. Based on this investigation we advise that the following actions be taken.
High priority
- Rotate the password of the TESTSUITE user and the ELVIS_ENT_ADMIN_USER. It is recommended to use strong and unique passwords for each Studio Server.
- Verify the list of admin users. The likelihood that admin users have been added is small, but the impact is very high. The normal users can be validated as part of your normal periodic user validation check. If an unauthorised user has been created, it is recommended to rotate the passwords of all users. On a general note, it is good practice to rotate user passwords periodically.
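One way to carry out the admin-user verification above, as an added example that is not WoodWing's own code: it compares a current user export against a baseline snapshot taken before the incident date and reports newly created admin accounts, existing users whose group membership now grants admin rights, and users that have disappeared. The record layout (`name`, `groups`) and the group name `admin` are assumptions; Studio Server's actual export format is not described on this page, and the sample records below are constructed.

```python
"""Baseline comparison of a user/group export to spot unauthorised admin accounts.

Added example, not WoodWing tooling. Assumes a constructed export format:
one record per user with a 'name' and a list of 'groups'.
"""

# Assumption: group names that grant administrative rights in the export.
ADMIN_GROUPS = {"admin"}

# Constructed baseline: users known to exist before the incident.
BASELINE = [
    {"name": "ELVIS_ENT_ADMIN_USER", "groups": ["admin"]},
    {"name": "TESTSUITE", "groups": ["admin"]},
    {"name": "editor1", "groups": ["editors"]},
]

# Constructed current export, as it might look after unauthorised changes:
# editor1 has gained the admin group and svc-backup is a new admin account.
CURRENT = [
    {"name": "ELVIS_ENT_ADMIN_USER", "groups": ["admin"]},
    {"name": "TESTSUITE", "groups": ["admin"]},
    {"name": "editor1", "groups": ["editors", "admin"]},
    {"name": "svc-backup", "groups": ["admin"]},
]


def is_admin(user, admin_groups=ADMIN_GROUPS):
    """True when the user belongs to at least one admin-granting group."""
    return bool(set(user.get("groups", [])) & admin_groups)


def compare_admins(baseline, current, admin_groups=ADMIN_GROUPS):
    """Return the admin-relevant differences between two user exports.

    new_admins: accounts absent from the baseline that now hold admin rights
    escalated:  accounts present in both, non-admin before, admin now
    removed:    accounts present in the baseline but missing from current
    """
    base = {u["name"]: u for u in baseline}
    cur = {u["name"]: u for u in current}
    new_admins = sorted(
        name for name, u in cur.items()
        if name not in base and is_admin(u, admin_groups)
    )
    escalated = sorted(
        name for name, u in cur.items()
        if name in base
        and is_admin(u, admin_groups)
        and not is_admin(base[name], admin_groups)
    )
    removed = sorted(name for name in base if name not in cur)
    return {"new_admins": new_admins, "escalated": escalated, "removed": removed}


def full_rotation_required(report):
    """Per the advisory: an unauthorised admin means rotating all user passwords."""
    return bool(report["new_admins"] or report["escalated"])


if __name__ == "__main__":
    result = compare_admins(BASELINE, CURRENT)
    for key, names in result.items():
        print(f"{key}: {', '.join(names) or '-'}")
    print("rotate all user passwords:", full_rotation_required(result))
```

Run it against an export taken now and a snapshot from before the incident; an empty `new_admins` and `escalated` list is the expected outcome, while any entry in either list is the trigger for the full password rotation the advisory recommends.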
Medium priority
- Rotate the password of the database connection and RabbitMQ. It is very unlikely that these credentials could have been used, because the DB and RMQ servers should not be directly accessible from the outside world.
- Rotate the SSO secret. It is unlikely that this information can be exploited, because of the redirect URLs configured in the SSO service. General advice is to periodically rotate this secret.
Please reach out to our customer success team in case of questions or concerns.
Kind regards,
The WoodWing Security Team