- Jan 24, 2011
- 9,378
The Chaos Computer Club (CCC) hacker collective has notified the German Federal Finance Agency (Bundesfinanzagentur) of a serious security hole present on its website for years.
The vulnerability allowed any user to modify the content of the website through a Web-based file manager that was left unprotected.
The German Finance Agency is a state owned financial services company responsible for managing federal debt, as well as issuing Federal securities.
By leveraging the security hole, attackers could have added their own transaction quotes and could have changed the destination of the site's "Internet banking" link.
It's unclear for how long the website was vulnerable, but the unsecured file manager was probably there for years.
More details - link
The vulnerability allowed any user to modify the content of the website through a Web-based file manager that was left unprotected.
The German Finance Agency is a state owned financial services company responsible for managing federal debt, as well as issuing Federal securities.
By leveraging the security hole, attackers could have added their own transaction quotes and could have changed the destination of the site's "Internet banking" link.
It's unclear for how long the website was vulnerable, but the unsecured file manager was probably there for years.
More details - link
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
