Mercedes-Benz faces the spotlight as a critical breach comes to light. RedHunt Labs, a cybersecurity firm, discovered a serious vulnerability in Mercedes’s digital security, allowing unauthorised entry to confidential internal data. Shubham Mittal, Chief Technology Officer at RedHunt Labs, found an employee’s access token exposed on a public GitHub repository during a routine scan in January. This access token, initially meant for secure entry, inadvertently served as the gateway to Mercedes’s GitHub Enterprise Server, posing a risk to sensitive source code repositories. The incident reiterates the importance of robust cybersecurity measures and highlights potential risks associated with digital access points.
Mittal found an employee’s authentication token, an alternative to passwords, exposed in a public GitHub repository. This token provided unrestricted access to Mercedes’s GitHub Enterprise Server, allowing the unauthorised download of private source code repositories. These repositories contained a wealth of intellectual property, including connection strings, cloud access keys, blueprints, design documents, single sign-on passwords, API keys, and other crucial internal details.
The exposed repositories were found to include Microsoft Azure and Amazon Web Services (AWS) keys, a Postgres database, and actual Mercedes source code. Although it remains unclear whether customer data was compromised, the severity of the breach cannot be underestimated.
Upon notification
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.