The penetration testing company Horizon3.ai cautions that malicious assaulters can use Apache Superset facilities with default configurations to take possession of servers and databases and launch code. Cybercriminals can gather sensitive information, comprising user password hashes and database credentials in plaintext.
The bug was originally discovered and reported in October 2021, and since then, the company rotated the secret key in January 2022. A new warning was added to the logs, post this change.
Read more: Organizations Warned of Security Risk in Default Apache Superset Configurations
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.