Sakura Samurai’s ethical hacking and cybersecurity researchers have disclosed startling new findings of a vulnerability that allowed them to access the private data of over 100,000 United Nations Environment Program (UNEP) employees.
The research team included Jackson Henry, Nick Sahler, John Jackson, Sakura Samurai’s founder, and Aubrey Cottle, and the discovery was part of the UN’s Vulnerability Disclosure Program with HackerOne.
Sakura Samurai researchers were trying to discover security flaws impacting UN systems. Initially, they couldn’t find anything interesting. They probed multiple endpoints that fell within their scope of research.
Finally, the researchers were able to find an exposed subdomain of the International Labour Organization (ILO). This allowed them to access Git credentials.
Using these credentials, researchers were able to take over a legacy MySQL database as well as a survey management platform. They ...
Copyright of this story solely belongs to hackread.com.