Why it matters: Security researchers regularly scan the internet in search of unprotected servers or exposed “secrets” belonging to major industry players. However, what RedHunt Labs recently discovered goes far beyond a simple insecure server hosting some confidential data.
UK-based security company RedHunt Labs recently discovered an authentication token belonging to a Mercedes-Benz employee. The token was hosted in a public GitHub repository, as stated by RedHunt co-founder Shubham Mittal, and it could have been exploited to gain “unrestricted access” to business secrets and other crucial authentication credentials of the German automotive giant.
RedHunt identified the exposed authentication token during a routine internet scan in January, but the token itself had been published…