How a mistakenly published password exposed Mercedes-Benz source code
Reading Time: < 1 minutesMercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave ‘unrestricted access’ to the company’s source code, according to the security research firm that discovered it.
According to Mittal, this token — an alternative to using a password for authenticating to GitHub — could grant anyone full access to Mercedes’s GitHub Enterprise Server, thus allowing the download of the company’s private source code repositories.
‘We will continue to analyze this case according to our normal processes. Depending on this, we implement remedial measures,’ Liesenfeld added.
It’s not known if anyone else besides Mittal discovered the exposed key, which was published in late-September 2023.
Mercedes declined to say whether it is aware of any third-party access to the exposed data or whether the company has the technical ability, such as access logs, to determine if there was any improper access to its data repositories. The spokesperson cited unspecified security reasons.
Reference: https://techcrunch.com/2024/01/26/mercedez-benz-token-exposed-source-code-github/
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG