
GitHub Vulnerability Exposes Over 4,000 Repositories to Repojacking Attacks – Source: heimdalsecurity.com


Source: heimdalsecurity.com – Author: Livia Gyongyoși

A new vulnerability in GitHub puts more than 4,000 repositories at risk. The flaw leaves the affected code packages open to repojacking attacks. After researchers reported the vulnerability to GitHub, the code hosting platform released a fix.

Repository hijacking (repojacking) is a technique that enables a threat actor to evade a security mechanism called popular repository namespace retirement and create a fake repository under a legitimate one's name.

Simply put, the attacker claims the old username of a code package after the legitimate creator has changed their username. Next, they publish a forged repository under the same name. As a result, unsuspecting users confidently download the malicious content onto their devices.

What Is Popular Repository Namespace Retirement?

GitHub put this security mechanism in place in order to prevent repojacking. In theory, a code package that has over 100 clones at the time its user account is renamed is considered "retired": the combination of that specific username with the repository name is retired, and consequently it cannot be used by anyone else anymore.

However, researchers warn that hackers have succeeded in evading this security mechanism. Security specialists revealed that more than 4,000 repositories in those package managers are using renamed usernames.

Circumventing popular repository namespace retirement enables hackers to create new accounts with the same username. Their next move is to upload malicious repositories, which could lead to software supply chain attacks. This way, hackers could easily and silently deploy their malware.

In order to avoid becoming a victim, security specialists recommend avoiding the use of retired namespaces. You should also make sure that there are no dependencies in your applications that could facilitate hijacking of a repository.
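The recommendation above amounts to an inventory task: find every dependency that points at a GitHub owner/repository pair whose owner has since been renamed, because that old owner name is exactly what a repojacker tries to re-register. The script below is an added example and is not part of the article or of any GitHub tooling. It assumes dependency manifests are plain text containing `github.com/owner/repo` references (a constructed `go.mod`-style sample is embedded), and it relies on GitHub's documented behaviour of redirecting a renamed or transferred repository to its new location: a redirect to a different owner is the signal that the old namespace may be claimable. The `probe` parameter is a hypothetical hook so the check can run offline against constructed data.

```python
"""Flag dependencies whose GitHub owner has been renamed (repojacking triage).

Added example, not from the original article. Assumes dependency files are
plain text with github.com/<owner>/<repo> references, and that GitHub
redirects a renamed or transferred repository to its new owner.
"""
import re
from typing import Callable, List, Optional, Tuple
from urllib import error, request

# Matches https://github.com/owner/repo, git@github.com:owner/repo.git,
# and module paths such as github.com/owner/repo/v2. Group 1 = owner, 2 = repo.
GITHUB_REF = re.compile(
    r'''github\.com[/:]([A-Za-z0-9_.-]+)/([A-Za-z0-9_.-]+?)(?:\.git)?(?=[\s/@"']|$)'''
)

# Constructed sample manifest (not a real project). "old-maintainer" plays the
# role of an owner who later renamed their account.
SAMPLE_GO_MOD = """module example.com/app

require (
    github.com/old-maintainer/widget v1.2.0
    github.com/steady-org/lib v0.9.1
)
"""


def extract_github_refs(text: str) -> List[Tuple[str, str]]:
    """Return unique (owner, repo) pairs referenced in a manifest, in order."""
    refs: List[Tuple[str, str]] = []
    for m in GITHUB_REF.finditer(text):
        pair = (m.group(1), m.group(2))
        if pair not in refs:
            refs.append(pair)
    return refs


class _NoRedirect(request.HTTPRedirectHandler):
    """Stop urllib from following redirects so the Location header is visible."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # causes urllib to raise HTTPError with the 3xx code


def github_redirect_target(owner: str, repo: str, timeout: float = 10.0) -> Optional[str]:
    """Live probe: Location header if github.com/owner/repo redirects, else None."""
    opener = request.build_opener(_NoRedirect)
    url = f"https://github.com/{owner}/{repo}"
    try:
        with opener.open(request.Request(url, method="HEAD"), timeout=timeout):
            return None  # 2xx: repository still lives under this owner
    except error.HTTPError as exc:
        if exc.code in (301, 302, 307, 308):
            return exc.headers.get("Location")
        return None  # 404 etc.: nothing to triage here


def find_suspect_refs(
    text: str,
    probe: Callable[[str, str], Optional[str]] = github_redirect_target,
) -> List[Tuple[str, str, str]]:
    """Return (owner, repo, new_owner) for references that now redirect to a
    different owner, i.e. the old owner name could be re-registered."""
    suspects: List[Tuple[str, str, str]] = []
    for owner, repo in extract_github_refs(text):
        target = probe(owner, repo)
        if not target:
            continue
        m = re.search(r"github\.com/([^/]+)/([^/?#]+)", target)
        if m and m.group(1).lower() != owner.lower():
            suspects.append((owner, repo, m.group(1)))
    return suspects


def _offline_probe(owner: str, repo: str) -> Optional[str]:
    """Constructed stand-in for the live probe: pretends old-maintainer renamed."""
    if owner == "old-maintainer":
        return f"https://github.com/new-maintainer/{repo}"
    return None


if __name__ == "__main__":
    # Swap _offline_probe for github_redirect_target to check a real manifest.
    for owner, repo, new_owner in find_suspect_refs(SAMPLE_GO_MOD, probe=_offline_probe):
        print(f"REVIEW: github.com/{owner}/{repo} now redirects to owner {new_owner}; "
              f"pin by commit hash or update the import path")
```

A redirect does not by itself prove the old name is claimable (retirement covers popular repositories), so treat the output as a triage list: pin the dependency to a commit hash or move to the new import path, and keep an eye on any dependency that resolves through a renamed owner.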

According to The Hacker News, this is not the first time GitHub's security measures have been bypassed. Nine months ago, the company had to patch another bypass vulnerability that put repositories and users at risk of a cyberattack.


Original Post URL: https://heimdalsecurity.com/blog/github-vulnerability-4000-repositories-repojacking/

Category & Tags: Cybersecurity News – Cybersecurity News
