Backdoor found in Ruby strong_password library

The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The code was used to check the password strength of user-chosen passwords when the library was being used in a production environment: In production, the code would download a payload from Pastebin.com and execute it to create the actual backdoor […]