In association with heise online

11 February 2009, 14:55

Typo3 hack on German Interior Minister's web site


Anyone who hasn't yet fixed the hole in the Typo3 content management system that was reported yesterday should install the current update without delay. Vulnerable pages can easily be found using Google, and then they can be trashed.

Vandalised via a hole in Typo3: the German Interior Minister's web site

Wolfgang Schäuble, Germany's Interior Minister, found this out last night when his web site acquired a link to the German Working Group on Data Retention, which is protesting against that controversial government scheme. The perpetrators kindly left a clue to how they got into the system by mentioning the Typo3 update: apparently they were able to access the configuration file "localconf.php" using a special URL. A more worrying point is that they could use Google to find the administrator's password hash held there, and crack it very easily.

Mr Schäuble's personal web site still hadn't been restored to its original condition on Wednesday morning. Now his web site seems to be under construction, announcing only that "the requested page is temporarily unavailable". The password, by the way, was "gewinner".

This is the third occasion the Minister's page has suffered security problems.

