undefined | Better HN

0 pointsPerceptes6y ago0 comments

But it does seem to be the case that the same SSH key pair that was used to access Jenkins also provided access to the production infrastructure. Unless I'm misunderstanding the nature of the attack.

0 comments

zigara6y ago

It seems the issue was developers using SSH agent forwarding which was abused to access the production environment.

j / k navigate · click thread line to collapse

0 pointsPerceptes6y ago0 comments

But it does seem to be the case that the same SSH key pair that was used to access Jenkins also provided access to the production infrastructure. Unless I'm misunderstanding the nature of the attack.

0 comments

zigara6y ago

It seems the issue was developers using SSH agent forwarding which was abused to access the production environment.

j / k navigate · click thread line to collapse