Another server security lapse at NASA exposed staff and project data

January 11, 2019

Two months ago, NASA quietly fixed a buggy internal server that was leaking sensitive information about the agency’s staff and their work.

The leaking server was — ironically — a bug reporting server, running the popular Jira bug triaging and tracking software. In NASA’s case, the software wasn’t properly configured, allowing anyone to access the server without a password, Avinash Jain, an India-based security researcher who found the exposed server, told TechCrunch.

According to Jain’s writeup, some Jira instances can be misconfigured to allow “everyone” access without a password, where “everyone” includes anyone on the internet and not only everyone within the organization, as some believe.
