phpmyadmin
phpMyAdmin SourceForge mirror distributes backdoored zip file
An official phpMyAdmin download mirror on SourceForge was compromised, and attackers replaced phpMyAdmin-3.5.2.2-all-languages.zip with an archive containing the server_sync.php backdoor. Users who were served by that mirror received a backdoored copy of the administrative tool through a legitimate distribution channel used by database operators and maintainers.
- Date
- 2012-09-25 to 2012-09-27
- Category
- Open Source
- Target Surface
- Distribution
- Insertion Phase
- distribution
- Impact
- Backdoor
- Cause
- Compromised Infrastructure
What Was Affected
Package
phpmyadmin
Language
PHP
Component
Application
Artifact type
source archive
Domain type
package host
Domain
sourceforge.net
Repository
github.com/phpmyadmin/phpmyadmin
Compromised Versions
- 3.5.2.2
Incident Context
- Motive
- Unauthorized Access/Control
- Attribution
- Individual Hacker
- Transitive
- No
- Observed Duration
- 2 days
Evidence
Compromised Artifacts
- sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.2.2/phpMyAdmin-3.5.2.2-all-languages.zip/download
- ignum-dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.5.2.2/phpMyAdmin-3.5.2.2-all-languages.zip
Current Artifacts and Analysis
Indicators and Changes
Hashes
md5:cee5fa3565412733e42a8e461a2bcb39
Source Data
Source record: oss/phpmyadmin/2012/meta.yaml