4 comments

[ 0.22 ms ] story [ 22.8 ms ] thread
During the initial attack phase, cyber actors scan the internet for SonarQube instances exposed to the open Internet using the default port (9000) and a publicly accessible IP address. Cyber actors then use default administrator credentials (username: admin, password: admin) to attempt to access SonarQube instances.

Given how often this happens, not having a default password and forcing users to set it should be a standard practice these days. Relying on administrators of the instance doing the right thing obviously keeps failing, thus an option to do the wrong thing should be removed completely.

Epic nabz... do you realize in which insecurity we are... :Ð
I did discover a SonarQube instance at $work open to the internet, default credentials too...

Developers are good at copy/pasting commands.

    docker
We're not an US Agency, but it seems those things happen eventually.
How does this happen? Who writes the firewall rules to map these ports?