This article highlights the importance of securing open-source solutions like Apache ActiveMQ, especially when vulnerabilities arise from default configurations. A recent analysis by BeVigil exposed numerous ActiveMQ instances utilizing default admin credentials, which could lead to serious risks, including Remote Code Execution (RCE) and unauthorized system access.
Affected: Apache ActiveMQ, organizations using open-source solutions
Key points:
- Organizations are increasingly adopting open-source solutions for operational efficiency.
- BeVigil discovered exposed Apache ActiveMQ instances with default admin credentials.
- Instances were vulnerable to a critical CVE allowing RCE due to deserialization flaws.
- Default credentials in use (“admin:admin”) provided full administrative privileges.
- The exposed Apache ActiveMQ version 5.14.3 carries a vulnerability with a high CVSS score.
- BeVigil recommended patching, strong access controls, and regular audits to mitigate risks.
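The two findings above (default console credentials and an old broker version) can both be checked from the broker's own configuration. The following audit script is an added example, not code from the article or from BeVigil: it parses the jetty-realm.properties file that ActiveMQ's web console uses for authentication, flags accounts whose password is a known default or simply repeats the username, and compares the running version against a minimum patched version. The admin:admin pair comes from the page; the user:user pair is an assumption based on ActiveMQ's stock realm file, the sample file contents are constructed, and the minimum version "5.15.0" is a placeholder to be replaced with the fixed version named in the Apache advisory for CVE-2023-46604.

```python
"""Audit an Apache ActiveMQ deployment for default console credentials and
an unpatched broker version. Added example; sample data is constructed."""
import re
from typing import Dict, List, Tuple

# admin:admin is the pair reported on the page; user:user is an assumption
# taken from ActiveMQ's stock jetty-realm.properties.
KNOWN_DEFAULTS = {("admin", "admin"), ("user", "user")}

# Constructed sample of conf/jetty-realm.properties (format: user: password [,role ...]).
SAMPLE_REALM = """\
# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: admin, admin
user: user, user
ops: Qw8!zr2Lp0vH, admin
"""

# Placeholder: replace with the fixed version from the Apache advisory for CVE-2023-46604.
MINIMUM_PATCHED_VERSION = "5.15.0"


def parse_jetty_realm(text: str) -> Dict[str, Tuple[str, List[str]]]:
    """Parse 'username: password [,role ...]' lines into {user: (password, roles)}.
    Blank lines and '#' comments are skipped."""
    accounts: Dict[str, Tuple[str, List[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, rest = line.split(":", 1)
        parts = [p.strip() for p in rest.split(",")]
        accounts[user.strip()] = (parts[0], parts[1:])
    return accounts


def find_default_credentials(accounts: Dict[str, Tuple[str, List[str]]]) -> List[str]:
    """Return usernames whose password is a known default or equals the username."""
    return [
        user for user, (password, _roles) in accounts.items()
        if (user, password) in KNOWN_DEFAULTS or user == password
    ]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.14.3' into (5, 14, 3) so versions compare numerically, not as strings."""
    parts = tuple(int(x) for x in re.findall(r"\d+", version))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return parts


def is_older_than(version: str, minimum: str) -> bool:
    """True when the running broker version is below the minimum patched version."""
    return parse_version(version) < parse_version(minimum)


def audit(realm_text: str, version: str, minimum: str) -> List[str]:
    """Combine both checks into a list of human-readable findings."""
    accounts = parse_jetty_realm(realm_text)
    findings = []
    for user in find_default_credentials(accounts):
        roles = ", ".join(accounts[user][1]) or "(none)"
        findings.append(f"default credential for '{user}' (roles: {roles})")
    if is_older_than(version, minimum):
        findings.append(
            f"broker version {version} is older than {minimum}; "
            "review the CVE-2023-46604 advisory and upgrade"
        )
    return findings


if __name__ == "__main__":
    # 5.14.3 is the version reported on the page.
    for finding in audit(SAMPLE_REALM, "5.14.3", MINIMUM_PATCHED_VERSION):
        print("FINDING:", finding)
```

Run it against the real conf/jetty-realm.properties and the version string from the broker's admin page; an empty findings list means neither weakness reported in the article is present, while any flagged account with the admin role is the full-console-access case the article describes.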
MITRE Techniques:
- T1078 – Valid Accounts: Default credentials (“admin:admin”) were used to gain administrative access.
- T1203 – Exploitation for Client Execution: Exploitation of the OpenWire protocol's deserialization flaws, allowing RCE.
Indicators of Compromise:
- [Domain] apache-activemq.org
- [Version] 5.14.3
- [CVE] CVE-2023-46604
- [Username] admin
- [Password] admin
Full Story: https://www.cloudsek.com/blog/unmasking-hidden-threats-how-bevigil-secures-apache-activemq-from-cyber-risks