Security researchers with Sakura Samurai found exposed GitHub passwords on a subdomain of the United Nations Environment Program (UNEP), which enabled them to access a data trove, including more than 100,000 records of employees.
While investigating security vulnerabilities in properties beyond the framework of the United Nations' vulnerability disclosure programme, the Sakura Samurai researchers found an ilo.org subdomain that revealed .git content.
This allowed them to take over a SQL database and the account of the International Labour Organization's Survey Management Platform. However, while these are important flaws, both services were found to have been discarded and therefore contained no user data.
Further fuzzing, however, led the researchers to a subdomain of UNEP that leaked GitHub credentials, allowing them to view and download “many GitHub projects protected by private passwords.”
According to Sakura Samurai, certain projects included many databases, as well as programme ...
Copyright of this story solely belongs to cybersguards.com.