Security Bug In Magento 2 Puts Sellers At Risk

eCommerce consultants were not exaggerating when they warned their clients to stay put and not move their Magento stores to Magento 2 because the latter isn’t ready yet.

Security issues continue to hound Magento 2. You’re lucky if you heeded experts’ advice and haven’t migrated yet; otherwise you could be one of the 200,000 online sellers who are at risk.

Web security service provider DefenseCode detected a remote code execution (RCE) bug tied to a feature in the Magento 2 software which allows administrators to add videos that are hosted on Vimeo.

That could serve as an entryway for hackers to access a Magento user’s database, including confidential information, and even install malware.

All they have to do is lure a user to download a URL which contains a .htaccess file and a PHP file. Once they have achieved that, they can easily exploit the user’s system from a remote server.

“During the security audit of Magento Community Edition, a high risk vulnerability was discovered that could lead to remote code execution and thus the complete system compromise including the database containing sensitive customer information such as stored credit card numbers and other payment information,” DefenseCode said in their alert.

They added that the affected versions of the Magento Community Edition software are v.2.1.6 and below.
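
A defender-side check for the artifacts described above, added here as an example and not taken from DefenseCode's alert or from Magento's code: it walks an upload directory and flags `.htaccess` files, files with PHP extensions, and PHP code sitting behind another extension. The directory to scan, the extension list and the sample files are assumptions; the article does not name the directory the files land in.

```python
import os
import tempfile

# Extensions a web server commonly hands to the PHP interpreter (assumed list).
PHP_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}

def scan_upload_dir(root):
    """Return sorted (relative_path, reason) pairs for files that do not
    belong in a directory meant to hold only downloaded images."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            lower = name.lower()
            if lower == ".htaccess":
                findings.append((rel, "htaccess override"))
                continue
            if os.path.splitext(lower)[1] in PHP_EXTS:
                findings.append((rel, "php extension"))
                continue
            # Catch PHP hidden behind an image extension.
            try:
                with open(full, "rb") as fh:
                    head = fh.read(4096)
            except OSError:
                continue
            if b"<?php" in head.lower():
                findings.append((rel, "php code in non-php file"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: one clean image, three suspicious files."""
    sub = os.path.join(root, "a", "b")
    os.makedirs(sub)
    samples = {
        os.path.join(root, "ok.jpg"): b"\xff\xd8\xff\xe0 JFIF constructed",
        os.path.join(sub, ".htaccess"): b"# constructed sample\n",
        os.path.join(sub, "thumb.php"): b"<?php /* constructed */ ?>",
        os.path.join(sub, "pic.png"): b"\x89PNG <?PHP /* constructed */ ?>",
    }
    for path, data in samples.items():
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_upload_dir(tmp):
            print(f"{reason}: {rel}")
```

Point `scan_upload_dir` at the store's media or temporary upload directory; any hit there warrants a closer look at the file's timestamp and the web server's access log.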

Reassurance from Magento

Though they haven’t heard of any actual attacks yet, Magento reassured their customers that they are already looking into the situation.

Also, the company has recommended helpful steps that will ensure the safety of their customers’ data.

“We have been actively investigating the root cause of the reported issue and are not aware of any attacks in the wild. We will be addressing the issue in our next patch release and continue to consistently work to improve our assurance processes,” they said.

To protect their users from possible security attacks, Magento sent out an email which includes the steps for switching on the “Add Secret Key to URLs” option.

Think your Magento 2 system is at risk? Follow these steps:

Log on to Merchant Site Admin URL (e.g., your domain.com/admin)
Click on Stores > Configuration > ADVANCED > Admin > Security > Add Secret Key to URLs
Select YES from the dropdown options
Click on Save Config

We may have sounded like a broken record, telling you repeatedly that Magento 2 is still not ready, but we’re so glad that we did.
