The American cloud provider DigitalOcean warned users about a vulnerability in some of the company's applications (1-Click apps) that use MySQL. The affected applications share the same account (debian-sys-maint) with a default password, which allows attackers to gain remote access to the server. According to DigitalOcean, the vulnerability also affects the services of other providers.
The company warned customers about the vulnerability and recommended that they check their droplets (virtual dedicated servers, VPS) using the script it provided. DigitalOcean gives users the ability to deploy applications in one click, the so-called 1-Click apps. The list of such applications includes Node.js, Rails, Redis, MongoDB, Docker, GitLab, Magento and many others.
According to DigitalOcean, applications that use MySQL on Debian and Ubuntu create a MySQL account named debian-sys-maint, which has the same password on all droplets created from a single image. The debian-sys-maint account is intended for local administration and must have a unique password; however, because of an error, the password is identical on every instance created from the same image. The problem affects MySQL and a number of other applications that use MySQL, including PHPMyAdmin, LAMP, LEMP, WordPress and OwnCloud.
DigitalOcean has provided a script that allows users to determine whether their droplets are affected and, if necessary, update them. The script works on Ubuntu versions 14, 16 and 17 and on Debian 7 and 8. The vulnerability does not affect Debian 9.
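The shared-password condition described above can be audited across a fleet by comparing the debian-sys-maint credentials each host stores in `/etc/mysql/debian.cnf`. The following is an added example, not DigitalOcean's script; the host names, passwords and function names are constructed for illustration, and it assumes the file contents have already been collected from each host.

```python
import configparser
import hashlib
from collections import defaultdict

# Constructed template mimicking the layout of /etc/mysql/debian.cnf.
CNF = """# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = debian-sys-maint
password = {pw}
[mysql_upgrade]
host = localhost
user = debian-sys-maint
password = {pw}
"""

# Constructed sample fleet: web-01 and db-01 came from the same image.
SAMPLE_CONFIGS = {
    "web-01": CNF.format(pw="constructedSharedPw1"),
    "db-01": CNF.format(pw="constructedSharedPw1"),
    "app-01": CNF.format(pw="constructedUniquePw2"),
}

def maint_password(cnf_text):
    """Return the debian-sys-maint password from debian.cnf text, or None."""
    # interpolation=None: passwords may contain '%' characters.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cnf_text)
    for section in parser.sections():
        if parser.get(section, "user", fallback=None) == "debian-sys-maint":
            return parser.get(section, "password", fallback=None)
    return None

def fingerprint(password):
    # Report a truncated SHA-256 digest so the password itself is never printed.
    return hashlib.sha256(password.encode()).hexdigest()[:12]

def shared_password_groups(configs):
    """Map fingerprint -> sorted hosts, keeping only passwords seen on 2+ hosts."""
    groups = defaultdict(list)
    for host, text in configs.items():
        pw = maint_password(text)
        if pw:
            groups[fingerprint(pw)].append(host)
    return {fp: sorted(h) for fp, h in groups.items() if len(h) > 1}

if __name__ == "__main__":
    for fp, hosts in shared_password_groups(SAMPLE_CONFIGS).items():
        print(f"shared debian-sys-maint password ({fp}): {', '.join(hosts)}")
```

Any group it reports is a set of hosts whose debian-sys-maint password should be rotated to a unique value on each host.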