Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.
Security researchers have disclosed a vulnerability they exploited to access at least 100,000 private records belonging to employees of the United Nations' Environmental Programme (UNEP).
A team with Sakura Samurai, a security research group, discovered the flaw while looking for bugs affecting UN systems, Bleeping Computer reports. They found exposed Git directories and Git credential files on domains connected to both the UNEP and the UN International Labour Organization (ILO); they were able to dump the contents of these files and clone repositories.
The Git directory held sensitive files, including WordPress configuration files containing admin database credentials. These credentials gave the team access to at least 100,000 UN employee records from multiple systems. Exfiltrated data included employee ID, name, employee group, travel justification, start and end dates, approval status, destination, and ...
Copyright of this story solely belongs to darkreading.com . To see the full text click HERE