Spiceworks is an IT professional network that offers IT professionals the option to collaborate and help each other in terms of tech-related services and products. According to research, the network is used by more than 6 million IT specialists and 3 thousand technology vendors.
Due to its popularity in the IT field, a Spiceworks application has caused quite the controversy.
The application comprises a serious vulnerability that seems to be an important security issue. The app automatically creates an admin account and lets users who log in through Facebook or LinkedIn credentials to access the system.
The Team of Spiceworks Tested the Impact
The vulnerability was discovered by Darren K. Forgeron, Spiceworks community member. It’s the latest version (7.4.00065) of the application that comprises it. Once authenticated on the login page for administrators it could be exploited.
A fix is planned for this week inasmuch as verification engineer at Spiceworks, Joseph Griffin notifies that the impact of the problem is tested, and the conclusion is unconditional. The security issue has to be fixed as soon as possible.
→“I was simply trying to identify the scope of the issue in relation to hackers being able to access your information, not the severity of the issue itself,” Griffin explained in a blog post.
Users are worried that anyone in the company, who has malicious motives, could use the credentials to log in through Facebook or LinkedIn to get the administrator access and misuse the system information.
In response, Spiceworks team advises users to completely disable social sign-in in the application. They could resume the process when an updated version of the app becomes available as it will contain a fix for this vulnerability.