Information Security News mailing list archives
Asus was warned of hacking risks months ago, thanks to leaky passwords
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 28 Mar 2019 06:33:47 +0000 (UTC)
https://techcrunch.com/2019/03/27/asus-hacking-risk/ By Zack Whittaker TechCrunch March 27, 2019A security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network.
One password, found in an employee repo on the code sharing, allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners. The repo in question was owned by an Asus engineer who left the email account's passwords publicly exposed for at least a year. The repo has since been wiped clean, though the GitHub account still exists.
"It was a daily release mailbox where automated builds were sent," said the researcher, who goes by the online handle SchizoDuckie, in a message to TechCrunch. Emails in the mailbox contained the exact internal network path where drivers and files were stored.
The researcher shared several screenshots to validate his findings. [...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Asus was warned of hacking risks months ago, thanks to leaky passwords InfoSec News (Mar 27)