
“Playing Leapfrog” Default Password Usage Allows for Jfrog Artifactory Account Compromise

Jfrog Artifactory is a DevOps solution that aims to automate the application delivery process and thereby improve productivity. It offers many useful features for deploying applications and can be integrated with a client’s cloud infrastructure.

However, a vulnerability exists in which administrator accounts are not required to change their default password. Not only is this poor password policy, but it can allow a network-based attacker to compromise the Jfrog Artifactory instance. The issue affects Jfrog Artifactory versions 6.17.0 and below.

This vulnerability is trivial to exploit: if the default password is still set, an attacker can log in and seize control of the service.

The remediation

Whilst a patch is not currently available, end-users of Jfrog Artifactory can manually change administrator and user account passwords. Ensure an appropriate password policy is in place and that passwords are changed regularly. Additionally, multi-factor authentication should be enabled to mitigate this issue.

Source: NVD

Published by
Risk Crew