Malicious code substitution detected in the Ruby package Strong_password

A malicious change (CVE-2019-13354) was identified in the Strong_password 0.7 gem package published on June 25. The change downloads and executes external code that is controlled by an unknown attacker and hosted on the Pastebin service. The project has 247 thousand downloads in total, and version 0.6 has about 38 thousand. For the malicious version, the number of downloads is listed as 537, but it is not clear how accurate this figure is, given that the release has already been removed from Ruby Gems.

The Strong_password library provides tools for checking the strength of the password a user specifies during registration.
Packages that use Strong_password include think_feel_do_engine (65 thousand downloads), think_feel_do_dashboard (15 thousand downloads) and
superhosting (1.5 thousand). It is noted that the malicious change was added by an unknown person who seized control of the repository from the author.

The malicious code was added only on RubyGems.org; the project's Git repository was not affected. The problem was discovered after one of the developers who uses Strong_password in his projects began to investigate why the last change had been added to the repository more than 6 months earlier, yet a new release had appeared on RubyGems, published on behalf of a new maintainer whom nobody had heard of before.
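The three signals in the discovery described above (a release long after the last commit, no matching change in Git, and a publisher nobody had seen before) can be checked mechanically. The following is an added example, not code from the article or from the Strong_password project; the release records, field names, tag list and the 30-day threshold are constructed assumptions.

```ruby
require "time"

# Constructed sample data (not real registry output): releases as a registry
# might list them, plus what the project's Git repository shows.
RELEASES = [
  { version: "1.0.0", published: "2018-03-01T10:00:00Z", pusher: "alice" },
  { version: "1.1.0", published: "2018-11-20T09:30:00Z", pusher: "alice" },
  { version: "1.2.0", published: "2019-06-25T14:00:00Z", pusher: "mallory" }
].freeze
GIT_TAGS = %w[v1.0.0 v1.1.0].freeze
LAST_COMMIT = "2018-11-19T18:00:00Z"

# Returns { version => [reasons] } for releases that the repository history
# does not account for. max_gap_days is an assumed threshold.
def audit_releases(releases, git_tags, last_commit, max_gap_days: 30)
  last = Time.parse(last_commit)
  tagged = git_tags.map { |t| t.sub(/\Av/, "") }
  known_pushers = []
  findings = {}

  releases.sort_by { |r| Time.parse(r[:published]) }.each do |r|
    reasons = []
    # Signal 1: release published long after the repository went quiet.
    gap_days = ((Time.parse(r[:published]) - last) / 86_400).floor
    reasons << "published #{gap_days} days after last commit" if gap_days > max_gap_days
    # Signal 2: the registry has a version the repository never tagged.
    reasons << "no matching git tag" unless tagged.include?(r[:version])
    # Signal 3: the release comes from an account with no earlier releases.
    if known_pushers.any? && !known_pushers.include?(r[:pusher])
      reasons << "first release by #{r[:pusher]}"
    end
    known_pushers << r[:pusher]
    findings[r[:version]] = reasons unless reasons.empty?
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  audit_releases(RELEASES, GIT_TAGS, LAST_COMMIT).each do |version, reasons|
    puts "#{version}: #{reasons.join('; ')}"
  end
end
```

A flagged release is a prompt to diff the published package contents against the repository source before upgrading, not proof of compromise.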

The attacker could execute arbitrary code on servers using the problematic version of Strong_password. At the time the problem was discovered, a script was being loaded from Pastebin that ran any code passed by the client through the "__id" cookie and encoded with Base64. The malicious code also sent the parameters of the host on which the malicious variant of Strong_password was installed to a server controlled by the attacker.

source: budenet.ru