Magento Retaliates the Uncanny Hacks-men with a Befitting Shopper-popper Patch

June 15, 2016 Written By Hemant Parmar


The flaw in Magento was rated 9.8 on a scale of 10, and it allowed a complete compromise of Magento online stores.

Nethanel Rubin, an independent security researcher, reported a vulnerability in Magento, the eCommerce platform of the giant eCommerce company eBay. Left unfixed, this vulnerability would have given attackers a significant advantage over retailers.

Version 2.0.6 was issued overnight with the vulnerability, CVE-2016-4010, fixed. The flaw scored 9.8 on the 10-point severity scale. The fix ensures that the installation code is no longer accessible once the installation process has finished.

“Earlier, users with minimal access or permission, or even an unauthenticated user, could easily execute PHP code on the server. This was possible because the directory or the app was in a writable condition. The majority of administrators also did not make any changes to the permissions even after the installation was complete”, the company reported.
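The company statement above attributes the code execution to an application directory left writable after installation. As an added defensive check, not code from the article or from the Magento project, the POSIX shell function below walks a Magento document root and reports any world-writable files or directories outside the areas Magento legitimately writes to at runtime. The excluded directory names (var, pub/media, pub/static, generated) are assumptions based on a default Magento 2 layout; adjust them to your deployment.

```shell
#!/bin/sh
# Added example, not part of the article or of Magento itself.
# After installation, application code under a Magento docroot should not be
# writable by "other". Runtime directories that Magento writes to legitimately
# are skipped; their names below are assumptions for a default Magento 2 layout.

# Usage: check_magento_perms /path/to/magento
# Prints each offending path. Returns 0 when clean, 1 when any world-writable
# entry is found outside the runtime directories, 2 on a bad argument.
check_magento_perms() {
    root=${1%/}                       # drop a trailing slash so -path matches
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Prune the runtime-writable trees, then list every remaining file or
    # directory whose "other write" bit (octal 002) is set.
    offenders=$(find "$root" \
        \( -path "$root/var" -o -path "$root/pub/media" \
           -o -path "$root/pub/static" -o -path "$root/generated" \) -prune \
        -o \( -type f -o -type d \) -perm -002 -print)

    if [ -n "$offenders" ]; then
        echo "world-writable entries outside runtime directories under $root:"
        echo "$offenders"
        return 1
    fi
    echo "no world-writable entries found under $root"
    return 0
}
```

Run it once after installation and again after every deployment; the non-zero exit status makes it usable as a deployment gate. It inspects only the world-writable bit, so whether the web-server account itself owns or can write code files is a separate ownership check.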

Rubin, an Israeli researcher who, along with many others, had earlier discovered loopholes in the Magento platform, stated that attackers can execute arbitrary PHP code on unpatched systems. He said, “This vulnerability creates room for the hacker to execute the PHP code, unauthenticated, on the vulnerable server of Magento.”

He also added that the vulnerability affects both Magento Community Edition and Magento Enterprise Edition. He strongly recommended that all Magento administrators update their installations to the 2.0.6 patch.

The attack is a chain of smaller vulnerabilities, which Rubin details in full. It relies heavily on SOAP or REST being left enabled, which is the default setting and the case in the majority of installations.

Much of the problem can be attributed to the dynamic nature and sheer size of the API that customers use to run things like shopping carts in Magento.

Rubin praised Magento's code overhaul, which included many code improvements, extensive rewriting and much stronger security measures. This is undoubtedly a giant leap, but it may also prove something of a headache for Magento developers and vulnerability researchers alike.

If you are also looking for protection against Magento attacks, get in touch with our experts; they will analyse your website and recommend the best solution.


One comment

  1. We are going digital and technology friendly because of the high and fast growth in this industry. But it is right that, in time, problems may come along with it. However, we must also be prepared for bad times or situations such as the hacking thing. Thank you for sharing this information.
