Report of Security Vulnerabilities Reveals No Suspicious Server Activity
The RIPE NCC has completed a thorough security investigation following an email we received concerning Cross-Site Scripting (XSS) vulnerabilities on some of our web services and a possible compromise on one of our servers.
The email reporting the XSS vulnerabilities was received on 22 August. The vulnerabilities were found and fixed immediately. When we informed the reporting party, they replied to us on 8 September and told us about a possible compromise on one of our servers.
We investigated the claim and found no evidence of suspicious behaviour on that server or any server with a similar configuration. We hired an external forensics team to thoroughly examine the server and firewall logs. They reported back to us this week that they found no evidence of any suspicious behaviour but did find vulnerabilities. We fixed these immediately.
There is no evidence that any personal or confidential data was compromised. The server in question did not contain any RIPE NCC member data and production servers were not affected. There is no action required from our members or users of our services.
The RIPE NCC has a robust infrastructure protected by comprehensive security measures. Although no evidence of malicious behaviour was found, we have identified areas in our internal procedures that can be improved. We have an internal team assigned to prioritise the actions to be taken.
It is our policy to report security incidents as soon as possible to all affected parties and provide a summary of the incident after completing the necessary investigations.
The RIPE NCC and the RIPE community have a relationship built on trust, openness and transparency. We’d like to thank the individual from the RIPE community who brought this to our attention.