Connect with us

Hi, what are you looking for?

Cyber Security

Asia-Pacific internet registry APNIC says WHOIS admin passwords were mistakenly exposed for three months

APNIC, the internet address registry for the Asia-Pacific region, has revealed that a “configuration error” meant hashed administrator passwords were publicly accessible for three months.

The oversight publicly exposed a dump file of APNIC’s WHOIS SQL database containing hashes of passwords used to authenticate database object changes, “corporate contact details”, and password hashes and contact details related to internal Incident Response Teams (IRTs), said APNIC.

Remedial actions

In a security alert posted on June 18, APNIC (short for ‘Asia-Pacific Network Information Centre’) said the issue arose when its staff copied the database “to a Google Cloud storage ‘bucket’ that was believed to be private”.

The member-based non-profit said it rectified the configuration error and removed the dump file after being alerted to the issue by an independent security researcher on June 4.

It added that it had just completed a four-day process of resetting all maintainer and IRT passwords, some of which were done manually to “minimise disruption to their network operations”.

No suspicious activity

APNIC conceded the “possibility that passwords can be derived from the hash by a malicious actor” and WHOIS data potentially “corrupted or falsified for misuse”.

The organization added: “It is not known if the data was accessed, as complete log files are not available, however initial investigations reveal no sign of suspicious update activity.”

APNIC also downplayed the threat to the integrity of its WHOIS database, a publicly searchable resource used to find information about web domains such as date of registration and expiry, place of registration, and the contact information of website owners.

“Any public misrepresentation of registry contents on WHOIS would not result in a permanent transfer of IP resources, as these functions are protected by MyAPNIC access mechanisms, and authoritative registry data is held internally by APNIC,” said the organization.

There were also “private WHOIS objects that are not visible on APNIC’s regular public WHOIS service”, whose contents “predominantly consists of corporate contact details”.

This data dates up to October 2017, before which the creation of new private objects in the WHOIS database triggered the incorporation of a duplicate private object in the audit logs.

This data “is still being assessed to determine if any further remedial action should be taken” said APNIC.

APNIC resource holders have been advised not to reuse their previous password, and to update login credentials for any other accounts where it is being used.

MyAPNIC passwords, added the organization, are unaffected and do not need to be changed.

APNIC said it is continuing to monitor for evidence of suspicious activity and will implement the recommendations from an ongoing post-incident review “as a priority in the coming weeks”.

Advertisement. Scroll to continue reading.

As well as maintaining the Asia-Pacific WHOIS database, the Brisbane, Australia-based organization distributes and manages IP addresses and AS numbers in 56 Asia-Pacific economies, holds annual conferences focused on internet policy development, and provides internet maintenance training through the APNIC Academy.

The Daily Swig has sent additional questions to APNIC. We will update the article if and when we hear back.

Source: https://portswigger.net/daily-swig/asia-pacific-internet-registry-apnic-says-whois-admin-passwords-were-mistakenly-exposed-for-three-months

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Business News

PT BAUER Pratama Indonesia, the Indonesian subsidiary of BAUER Spezialtiefbau GmbH, was commissioned to manufacture the retaining walls for the basement in Kota Station...

Business News

Climate technology company Partanna has announced a partnership with the Diriyah Company the use of carbon-negative building materials throughout the US$63 billion Diriyah project...

Business News

The Hong Kong government has selected infrastructure consulting firm AECOM to build a new road linking Lantau Island and Tsing Yi Island aimed at...

Business News

The construction sector in Singapore has grown by 6.6% since Q2 2022, led by an expansion of output in both public and private sectors,...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO