Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

VMware: "Security Error" Led To OpenSSL Defacement

By - Source: IDG News Service

Last week the OpenSSL Project confirmed that on Sunday, December 29th, the home page of was defaced around 1AM GMT. The group restored the page just two hours later, and then began a thorough investigation into how the site was defaced.

Immediately some security experts were concerned, as OpenSSL is a highly popular cryptographic library that's used in a variety of software products. However, a news update on January 3rd eased those worries, stating that the source repositories were audited and not affected by the hack.

"Other than the modification to the index.html page no changes to the website were made. No vulnerability in the OS or OpenSSL applications was used to perform this defacement," the group wrote.

The group explained that the OpenSSL server is a virtual server that shares a hypervisor with other customers of the same ISP. A hypervisor is software that is used to create and run virtual machines. In a hosting environment, hypervisors typically run multiple virtualized servers on the same physical machine.

That said, the OpenSSL Project blamed the hacking on bad passwords on the ISP level. This led to the control of the hypervisor management console, which then was used to manipulate the OpenSSL virtual server.

The hosting provider for the OpenSSL project is reportedly a Swedish company called Indit Hosting, which uses VMware ESXi and KVM hypervisors. Because a possible vulnerability of ESXi could affect more than just OpenSSL, VMware jumped in and investigated the issue as well.

"The VMware Security Response Center has actively investigated this incident with both the OpenSSL Foundation and their Hosting Provider in order to understand whether VMware products are implicated and whether VMware needs to take any action to ensure customer safety," VMware announced. "We have no reason to believe that the OpenSSL website defacement is a result of a security vulnerability in any VMware products and that the defacement is a result of an operational security error."

So far Indit Hosting has not commented on the news. Meanwhile OpenSSL Project members said that "steps have been taken to protect against this means of attack in future."

[ Get IT news updates right in your inbox -- Sign up for Tom's IT Pro's Weekly Newsletter ]



Kevin Parrish is a contributing editor and writer for Tom's Hardware, Tom's Games, Tom's Guide and Tom’s IT Pro. He's also a graphic artist, CAD operator and network administrator.

More by Kevin Parrish