Why you should not run passbolt on the same server with other services?

Running passbolt on the same server than for example your wordpress blog or a server administration panel, or other services accessible to an attacker is not a good idea. Indeed an attacker could use a weakness or a misconfiguration in one of the service sitting next to passbolt to gain access to your server.

If you don’t think this is a realistic scenario attacker train for, check out https://www.hackthebox.com/ you will be find a “Bolt” exercise that is a good example of such scenario.

Screenshot 2021-12-21 at 14.58.23

1 Like