
Another server security lapse at NASA exposed staff and project data

TechCrunch, Jan 11, 2019 10:39 AM

Two months ago, NASA quietly fixed a buggy internal server that was leaking sensitive information about the agency's staff and their work.

The leaking server was -- ironically -- a bug-reporting server, running the popular Jira bug triaging and tracking software. In NASA's case, the software wasn't properly configured, allowing anyone to access the server without a password, Avinash Jain, an India-based security researcher who found the exposed server, told TechCrunch.

According to Jain's writeup, some Jira instances can be misconfigured to allow "everyone" access without a password -- including anyone on the internet -- and not "everyone" within an organization, as some believe.

Jain found the leaking server in October exposing NASA staff usernames and email addresses and the projects they were working on. Because Jira contains information about bugs and issues within an organization, including works in progress, the server also gave up what agency staff are ...
