by ajross 5229 days ago
Not necessarily if the reset tool is manually driven and audited. The vulnerability we're worried about here is an automated attack against many customers of a single hosting provider.

There will always be ways to human-engineer your way into any single host. Having a hosting provider just increases the attack surface a little.

1 comments

> The vulnerability we're worried about here is an automated attack against many customers of a single hosting provider.

This was an attack against Linode's customer service systems, which allow their support reps to reset root passwords. There's no reason for that system not to be protected by two-factor authentication on top of heavy logging.