Ruby on Rails Public Key Security Vulnerability In GitHub
A Russian security researcher named Homakov has found that GitHub had fallen to a public-key vulnerability in Ruby on Rails, which allowed a normal user to gain administrator access to the popular Rails repository on GitHub. Homakov exploited a flaw in how the Ruby on Rails web framework handles mass assignment, which allowed him to write a posting, delete a posting or push changes into the source code of any GitHub project. Homakov had previously opened an issue about mass-assignment security on the Rails issue tracker on GitHub; the developers closed it, saying that it was the application developers' responsibility to secure their applications. Homakov then decided to demonstrate the issue on the nearest Ruby on Rails application: GitHub itself. The problem, known as the mass-assignment vulnerability, has existed since the ability to set a number of attributes in one call was introduced in Rails. GitHub later confirmed that it had closed the security hole.
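To make the mass-assignment flaw concrete, here is an added Ruby sketch (not GitHub's or Rails' own code) that stands in for an ActiveRecord model without requiring Rails: a handler that copies every form parameter onto the model, beside an allow-list version of the kind Rails' attr_accessible and later strong parameters provide. The attribute names, the tampered request and the key value are constructed for illustration.

```ruby
# Added example (not GitHub's or Rails' code): a Rails-free sketch of the
# mass-assignment problem described above, beside the allow-list fix.
# Tiny stand-in for an ActiveRecord model: every column has a writer method.
class User
  ATTRIBUTES = [:name, :email, :admin, :public_key].freeze  # constructed columns
  attr_accessor(*ATTRIBUTES)

  def initialize
    @admin = false
    @public_key = nil
  end
end

# VULNERABLE: copies every incoming form parameter straight onto the model,
# the behaviour of `User.new(params[:user])` in Rails apps of that era.
def assign_all(user, params)
  params.each do |key, value|
    key = key.to_sym
    user.public_send("#{key}=", value) if User::ATTRIBUTES.include?(key)
  end
  user
end

# HARDENED: only allow-listed attributes may be mass-assigned. Rejected keys are
# returned as well: a real browser form never submits them, so they are worth logging.
SAFE_ATTRIBUTES = [:name, :email].freeze

def assign_permitted(user, params, permitted = SAFE_ATTRIBUTES)
  rejected = []
  params.each do |key, value|
    key = key.to_sym
    if permitted.include?(key)
      user.public_send("#{key}=", value)
    else
      rejected << key
    end
  end
  [user, rejected]
end

# Constructed request body: a normal profile form plus fields the form never exposes.
TAMPERED_PARAMS = { "name" => "alice", "email" => "alice@example.com",
                    "admin" => true, "public_key" => "ssh-rsa AAAA...constructed" }.freeze

if __FILE__ == $PROGRAM_NAME
  vuln = assign_all(User.new, TAMPERED_PARAMS)
  puts "vulnerable: admin=#{vuln.admin} public_key=#{vuln.public_key.inspect}"
  safe, rejected = assign_permitted(User.new, TAMPERED_PARAMS)
  puts "hardened:   admin=#{safe.admin} rejected=#{rejected.inspect}"
end
```

The audit GitHub describes below amounts to finding every place the first pattern is used and replacing it with the second.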
According to the official GitHub blog post:
"The root cause of the vulnerability was a failure to properly check incoming form parameters, a problem known as the mass-assignment vulnerability. In parallel to the attack investigation we initiated a full audit of the GitHub codebase to ensure that no other instances of this vulnerability were present. This audit is still ongoing, and I am going to personally ensure that we have a strategy going forward to prevent this type of vulnerability from happening again.
I sincerely apologize for allowing this to happen. Security is our priority and I will be arranging additional external security audits above and beyond our normal schedule to further test our security measures and give you peace of mind."
Brief About GitHub:
GitHub is the web-based front end built around Linus Torvalds' Git revision control system. Thanks to the site's extensive social networking features combined with the Git revisioning system, GitHub has become extremely popular. GitHub is also used by a number of high-profile projects, including the Linux kernel.