DigitalOcean is warning customers that some 1-Click applications running MySQL have an account with the same default password across all instances, and the company says the issue affects other cloud providers as well.
DigitalOcean customers reported on social media that they received an email recommending that they run a script to determine if their Droplets – the name used by the company for its cloud servers – are affected by the vulnerability.
The company allows its users to deploy pre-built and pre-configured applications with only one click. The list of 1-Click (One-Click) applications includes Node.js, Rails, Redis, MongoDB, Docker, GitLab, Magento and many others.
Leave a reply