Jump to content

Weak Admin Password Caused Compromise of Gentoo GitHub repository


Recommended Posts

Gentoo have finished their investigation of the hack that affected their project last week on GitHub. The point of vulnerability has turned out to be a weak Administrator password. upon compromise the hackers added the Linux killer command “rm -rf /” so when users cloned the project to their computers all their data will be erased.


After the unknown individuals gained control over the Gentoo Organisation’s GitHub repository they locked out the administrators. Then the hacker group began adding the killer command to the various repositories.


Gentoo is one of the oldest versions of the Linux operating systems, unlike most, this distribution has  pre-built software packages and also uses the package management to download new software and in some cases source code to build the programs in the clients itself.


Fortunately there are various mitigations that were preventing the code from running on client machines. The main master Gentoo repository is not affected therefore users who have used the rsync or websync were not affected.


The logs also indicated that attackers have brute forced using many accounts before discovering the administrative password and altering legitimate code. The evidence also suggested that the Administrator has been using the same password in all their accounts which might have aided in the successful exploitation.


The GitHub repos of Gentoo organisation were unavailable for five days and the organisation has made sure the all the employees are using unique and complex passwords for their work accounts and also made sure that every employee has opted for the 2FA.


The organisation is still working on ways to restore the pull requests that were deleted by the attackers.


< Here >

Link to comment
Share on other sites

  • Replies 3
  • Views 488
  • Created
  • Last Reply

The point of vulnerability has turned out to be a weak Administrator password


Ohh, for that reason, your password will never be: 123456 


I hope Gentoo Project will be restore again that was before the attack :( 

Link to comment
Share on other sites

i'm so tired of people saying it's a hack when it's just

inserting a password.


in that sense everyone is a hacker as long as they

login to their accounts.


also that my password for adobe is 123456 and

goes to my flush email doesn't hurt me in any


Link to comment
Share on other sites


Your password doesn't have to be 123456 or password to be stupid.  I knew a system admin back in the 90s when every server had a monitor and keyboard attached to it and were administered individually instead of thru a central terminal who used the name of the monitor of that server as the password for it.  So if the monitor was a Packard Bell, guess what the server password was?  Packardbell.  Samsung monitor, Samsung, and Viewsonic, Viewsonic.  He figured that was safe because he could read the password for each system but didn't have it written down anywhere.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...