The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. This was initially treated as a compromise of the git.php.net server - but further investigation into the incident has revealed that the commits were a result of pushing them using HTTPS and password-based authentication.
The PHP code repository was compromised two weeks ago with the insertion of code that, if left in place, would have enabled a backdoor into any web server running it. The code was initially committed in the name of Rasmus Lerdorf, creator of PHP. After it was removed, it was recommitted under Popov’s name.
This was initially treated as a compromise of the git.php.net server. Further investigation into the incident has revealed that the commits were a result of pushing them using HTTPS and password-based authentication. This leading them to suspect a possible leak of the master.php.net user database.