https://techcrunch.com/2019/03/27/asus-hacking-risk/
By Zack Whittaker
TechCrunch
March 27, 2019
A security researcher warned Asus two months ago that employees were
improperly publishing passwords in their GitHub repositories that could be
used to access the company’s corporate network.
One password, found in an employee repo on the code sharing, allowed the
researcher to access an email account used by internal developers and engineers
to share nightly builds of apps, drivers and tools to computer owners. The repo
in question was owned by an Asus engineer who left the email account's
passwords publicly exposed for at least a year. The repo has since been wiped
clean, though the GitHub account still exists.
"It was a daily release mailbox where automated builds were sent," said the
researcher, who goes by the online handle SchizoDuckie, in a message to
TechCrunch. Emails in the mailbox contained the exact internal network path
where drivers and files were stored.
The researcher shared several screenshots to validate his findings.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
