A security researcher discovered a session fixation vulnerability in RIPE NCC's single sign-on system that could have allowed attackers to compromise accounts of 12,000 Atlas probe hosts. The flaw enabled attackers to plant session tokens via a malicious link and gain full access to RIPE NCC services once the target logged in. Although fixed within three weeks of reporting, the underlying issue of hosting third-party infrastructure under the same domain as the SSO system remains unaddressed.
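A generic model of the session fixation flaw class described above, added here as an illustration; it is not RIPE NCC's code and makes no claim about how their SSO was built. The `SessionStore` class, its methods and the sample account name are hypothetical. It contrasts a login that keeps the pre-login session identifier with one that rotates it.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (hypothetical, for illustration only)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> user name, or None while anonymous

    def visit(self, sid=None):
        """Handle an anonymous request; issue an id only if none is known."""
        if sid in self.sessions:
            return sid  # an existing pre-login id is accepted as-is
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        """Bind a user to a session after successful authentication."""
        if self.rotate_on_login:
            # Hardened: discard the pre-login id and issue a fresh one,
            # so any id known before authentication becomes worthless.
            self.sessions.pop(sid, None)
            sid = secrets.token_urlsafe(32)
        # Weak mode falls through and promotes the pre-login id in place.
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def prelogin_id_survives_login(store):
    """True if an id that existed before login is authenticated afterwards."""
    prelogin_id = store.visit()              # id that exists before login
    browser_id = store.visit(prelogin_id)    # browser presents that same id
    store.login(browser_id, "probe-host@example.net")  # constructed sample user
    return store.whoami(prelogin_id) is not None


if __name__ == "__main__":
    print("no rotation:", prelogin_id_survives_login(SessionStore(False)))
    print("rotation:   ", prelogin_id_survives_login(SessionStore(True)))
```

Rotation closes the login step only; it does not address the same-domain hosting issue the summary says remains open.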
Background
RIPE NCC is the Regional Internet Registry for Europe, the Middle East, and parts of Central Asia, responsible for allocating IP addresses and managing internet infrastructure. Their Atlas project is a global network of probes that measure internet connectivity and reachability.
- Source: Lobsters
- Published: May 29, 2026 at 12:53 AM
- Score: 8.0 / 10