Intel Outside: Hacking every Intel employee and various internal websites
(eaton-works.com)
from Pro@programming.dev to cybersecurity@sh.itjust.works on 19 Aug 07:31
https://programming.dev/post/35947147
from Pro@programming.dev to cybersecurity@sh.itjust.works on 19 Aug 07:31
https://programming.dev/post/35947147
cross-posted from: programming.dev/post/35909752
Comments
- Hackernews; - Reddit.
- It was possible to bypass the corporate login on an internal business card ordering website and exploit it to download the details of more than 270k Intel employees/workers.
- An internal “Product Hierarchy” website had easily decryptable hardcoded credentials that provided a second way to download the details of every Intel employee. More hardcoded credentials made it possible to gain admin access to the system.
- An internal “Product Onboarding” website had easily decryptable hardcoded credentials that provided a third way to download the details of every Intel employee. More hardcoded credentials made it possible to gain admin access to the system.
- It was possible to bypass the corporate login on Intel’s SEIMS Supplier Site and further exploit it to download the details of every Intel employee (the fourth way). Additional client-side modifications made it possible to gain full access to the system to view large amounts of confidential information about Intel’s suppliers.
threaded - newest