Researchers claim that hard-coded password vulnerability in the Atlassian Questions For Confluence app has been under active exploitation.

Problems mount for Atlassian as threat actors find exploits for the latest bugs in the company’s Confluence platform. Last week the company announced a critical vulnerability, CVE-2022-26138, in its Questions for Confluence app, an add-on that lets users get support on Atlassian products.

“A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to,” the company said.

Because the hard-coded password had been leaked on Twitter, Atlassian deemed the issue severe and warned that the vulnerability would likely be exploited in the wild. That’s precisely what researchers at cybersecurity firm Rapid7 discovered.

“[…] it didn’t take long […] to observe exploitation once the hardcoded credentials were released, given the high value of Confluence for attackers who often jump on Confluence vulnerabilities to execute ransomware attacks,” Glenn Thorpe, a security researcher at Rapid7, said.

Researchers say the hard-coded password vulnerability affects both Confluence Server and Confluence Data Center, but note that the exploit only works when the Questions for Confluence app is enabled.
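Because the leaked credential belongs to an account that should never be used interactively, any request authenticated as that account is worth investigating. The script below is an added example for defenders, not code from the article, Atlassian or Rapid7: it scans Tomcat-style Confluence access log lines (constructed sample data, with the authenticated user in the third field) and flags login attempts and authenticated requests by a watched account name, plus activity from outside trusted networks. The account name `HARDCODED_ACCOUNT_PLACEHOLDER` stands in for the real hard-coded account, which the article does not name; replace it with the account named in Atlassian’s advisory and adjust the trusted networks and log format to your deployment.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines in a Tomcat-style access log layout
# (client IP, ident, authenticated user, timestamp, request, status, bytes).
# These are not real Confluence logs; the user name is a placeholder for the
# hard-coded account, which must be supplied from the vendor advisory.
SAMPLE_LOG = """\
10.0.4.17 - jsmith [22/Jul/2022:09:14:02 +0000] "GET /dashboard.action HTTP/1.1" 200 5120
203.0.113.45 - HARDCODED_ACCOUNT_PLACEHOLDER [22/Jul/2022:09:15:10 +0000] "POST /dologin.action HTTP/1.1" 302 0
203.0.113.45 - HARDCODED_ACCOUNT_PLACEHOLDER [22/Jul/2022:09:15:12 +0000] "GET /pages/viewpage.action?pageId=1234 HTTP/1.1" 200 8891
10.0.4.22 - - [22/Jul/2022:09:16:00 +0000] "GET /login.action HTTP/1.1" 200 3301
198.51.100.9 - HARDCODED_ACCOUNT_PLACEHOLDER [22/Jul/2022:09:17:45 +0000] "POST /dologin.action HTTP/1.1" 401 0
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})'
)


def parse_line(line):
    """Return a dict for one access log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, user, ts, method, path, status = m.groups()
    return {
        "ip": ip,
        "user": user,
        "time": ts,
        "method": method,
        "path": path,
        "status": int(status),
    }


def triage(log_text, watched_accounts, trusted_nets=("10.0.0.0/8",)):
    """Flag every request made with a watched (should-never-be-used) account.

    Each finding carries the parsed fields plus a list of reasons:
    - a login attempt as the watched account, succeeded (redirect/2xx) or failed
    - any other request that was served while authenticated as that account
    - a source address outside the trusted networks (assumed corporate ranges)
    """
    nets = [ip_network(n) for n in trusted_nets]
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["user"] not in watched_accounts:
            continue
        reasons = []
        succeeded = rec["status"] < 400
        if rec["path"].startswith("/dologin.action"):
            outcome = "succeeded" if succeeded else "failed"
            reasons.append(f"login attempt as watched account ({outcome})")
        elif succeeded:
            reasons.append("authenticated request as watched account")
        if not any(ip_address(rec["ip"]) in net for net in nets):
            reasons.append("source outside trusted networks")
        findings.append({**rec, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, {"HARDCODED_ACCOUNT_PLACEHOLDER"}):
        print(f["time"], f["ip"], f["user"], f["method"], f["path"],
              f["status"], "; ".join(f["reasons"]))
```

Run against the sample, the script reports the successful login and the page fetch from 203.0.113.45 and the failed login from 198.51.100.9, all from addresses outside the assumed 10.0.0.0/8 range. In a real deployment the useful signal is simply that the watched account appears at all; the network check only helps prioritise.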

Atlassian is an Australian software giant providing products for developers and managers. Last month researchers revealed that threat actors were exploiting another critical vulnerability (CVE-2022-26134) in Confluence Server and Data Center, allowing malicious actors to gain full remote access on unpatched servers.

Attackers exploit Atlassian’s hard-coded password bug