June 7, 2023

The Brazilian arm of Volvo leaked sensitive files, putting its clientele at risk.

Researchers discovered Dimas Volvo was leaking sensitive files through its website. The leaked files could have served malicious actors in various ways, including hijacking official communication channels and infiltrating the company’s systems.

In February 2023, researchers discovered publicly exposed files hosted on the dimasvolvo.com.br website, exposing its database’s authentication information, including MySQL and Redis database hosts, open ports, and credentials. These credentials could further be exploited to access the contents of the databases, which might have stored private user data.


The exposure of the Laravel application key is particularly dangerous because it could have been used to decrypt user cookies, which often hold sensitive information such as credentials or session IDs. An attacker could exploit this data to hijack the victim’s account.

Researchers also observed the URL of the Git repository where the website’s source code is stored, revealing the repository name and who created it.

The researchers also discovered a .DS_Store file that held metadata from the developer’s computer, revealing the file and folder names in the directory where the website’s project files were stored. That listing exposes the website’s hierarchy, which could in turn be used to compromise the website.

To ensure maximum security, exercise caution when receiving emails. You should verify any claims externally without clicking on embedded links and stay alert when your name appears in unsolicited communications.


To reduce the risks, experts advised resetting the Laravel application key and the credentials for the MySQL and Redis databases.

Additionally, changing the database ports and generating new email credentials are recommended. As account and repository names are typically unchangeable in Git, requesting their removal is essential.

Moreover, to prevent further breaches, Internet of Things (IoT) search engines should remove indexed information that includes the .DS_Store file.
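
As an added example (not from the original report or the researchers), the script below audits a directory before it is served and flags the three exposure types described above: Git metadata, .DS_Store files, and configuration files holding live secrets. The function names, finding labels and sample tree are assumptions made for illustration; the report does not say which file held the credentials, so the script checks every file for the standard Laravel environment keys.

```python
import os
import re
import tempfile

# Standard Laravel environment keys for the secrets the article names
# (application key, MySQL, Redis, mail). "null" means the value is unset.
SECRET_RE = re.compile(
    r"^[ \t]*(APP_KEY|DB_PASSWORD|REDIS_PASSWORD|MAIL_PASSWORD)[ \t]*=[ \t]*(?!null\b)\S+",
    re.M,
)

def audit_webroot(root):
    """Return sorted (kind, relative_path) findings for a served directory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if ".git" in dirnames:
            # Git metadata discloses the remote URL and committer names.
            findings.append(("git-metadata", os.path.relpath(os.path.join(dirpath, ".git"), root)))
            dirnames.remove(".git")  # do not descend into it
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name == ".DS_Store":
                findings.append(("ds-store", rel))
                continue
            with open(path, "r", errors="ignore") as fh:
                head = fh.read(65536)  # secrets files are small; cap the read
            if SECRET_RE.search(head):
                findings.append(("secret-config", rel))
    return sorted(findings)

def build_sample_webroot(base):
    """Constructed sample tree; every value below is a placeholder."""
    files = {
        "index.php": "<?php echo 'ok';",
        ".DS_Store": "constructed placeholder",
        ".env": "APP_KEY=base64:CONSTRUCTED\nDB_PASSWORD=constructed\nREDIS_PASSWORD=null\n",
        ".git/config": "[remote \"origin\"]\n\turl = https://git.example.invalid/site.git\n",
        "css/site.css": "body { margin: 0 }",
    }
    for rel, body in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, rel in audit_webroot(build_sample_webroot(tmp)):
            print(f"{kind:14} {rel}")
```

Run it against the directory the web server actually serves, as a deployment gate; any finding means the file should be removed from that directory and, for secrets, the value rotated.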
