by Bas

Critical vulnerability found in Magento, upgrade necessary

Recently a vulnerability in Magento was discovered that allows attackers to gain unauthorized access to your webshop. Unfortunately, this also means attackers can access all information in your webshop, including your customer database and the back office.

Background information on this vulnerability

Magento uses a login service for authenticating users. This login mechanism contains a vulnerability which allows attackers to bypass it and gain full access to your webshop.

After bypassing the login, the attacker has full control and can install malicious code or access the customer database.

List of vulnerable systems

The vulnerability is found in all Magento versions. Both users of Magento Community and Magento Enterprise are urged to update their webshop as soon as possible.

If you have chosen the CloudVPS Magento image as the base install for your VPS but haven't installed Magento, then you are not vulnerable.

How to install the update

The vulnerability is resolved by applying patch SUPEE-5344. To activate the update you have to install the patch and flush the cache. Which version of the patch you need depends on your Magento version. For more information on which patch to use and how to patch your system, please see this page, kindly provided by Byte: https://www.byte.nl/wiki/How_to_apply_Magento_patch_SUPEE-5344

Please contact your Magento integrator if you have trouble installing this update.
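
A check to run after patching, added here as an example (it is not code from CloudVPS, Byte or Magento): it reads the log that the Magento patch scripts keep in app/etc/applied.patches.list and reports whether SUPEE-5344 is currently recorded as applied. The log location and its pipe-separated layout are assumptions about the patch script, the function name patch_state is hypothetical, and the sample entries are constructed.

```shell
#!/bin/sh
# Report whether a Magento patch is recorded as applied in a shop's patch log.
# Assumption: the patch script appends header lines to
# app/etc/applied.patches.list in the form
#   <date> | <patch id> | <edition_version> | ... [| REVERTED]
# followed by plain "patching file ..." lines.

# patch_state LOGFILE PATCH_ID  ->  prints applied | reverted | not-recorded
# Exit status is 0 only for "applied". The last matching entry wins, so a
# patch that was applied and later reverted is reported as reverted.
patch_state() {
    log=$1
    id=$2
    if [ ! -r "$log" ]; then
        echo "not-recorded"
        return 1
    fi
    # Exact match on the second field, so SUPEE-534 does not match SUPEE-5344.
    state=$(awk -F ' [|] ' -v id="$id" '
        $2 == id { s = ($NF == "REVERTED") ? "reverted" : "applied" }
        END      { print (s == "" ? "not-recorded" : s) }' "$log")
    echo "$state"
    [ "$state" = "applied" ]
}

if [ -n "${1:-}" ]; then
    # Argument: the Magento root directory of the shop to check.
    patch_state "$1/app/etc/applied.patches.list" SUPEE-5344
else
    # No shop path given: run against a constructed sample log
    # (dates, edition and placeholder fields are not real values).
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
2015-04-20 09:12:01 UTC | SUPEE-5344 | CE_1.9.1.0 | v1 | <commit> | <date> | <branch>
patching file <path>
2015-04-20 09:30:44 UTC | SUPEE-5344 | CE_1.9.1.0 | v1 | <commit> | <date> | <branch> | REVERTED
patching file <path>
EOF
    patch_state "$sample" SUPEE-5344 || true
    rm -f "$sample"
fi
```

A result of `not-recorded` only means the patch script left no log entry for that shop, and an `applied` result does not show that the cache was flushed afterwards.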
