Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Asus was warned of hacking risks months ago, thanks to leaky passwords

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 28 Mar 2019 06:33:47 +0000 (UTC)
https://techcrunch.com/2019/03/27/asus-hacking-risk/

By Zack Whittaker
TechCrunch
March 27, 2019
A security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network.
One password, found in an employee repo on the code sharing, allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners. The repo in question was owned by an Asus engineer who left the email account's passwords publicly exposed for at least a year. The repo has since been wiped clean, though the GitHub account still exists.
"It was a daily release mailbox where automated builds were sent," said the researcher, who goes by the online handle SchizoDuckie, in a message to TechCrunch. Emails in the mailbox contained the exact internal network path where drivers and files were stored. 

The researcher shared several screenshots to validate his findings.

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: