⬆️ ⬇️

100,000 passwords ieee.org for the whole month were in open access

By administrators' oversight, the logs of the ieee.org and spectrum.ieee.org web servers, including logins and clear text passwords, were accessible at least for a month at ftp.ieee.org/uploads/akamai (hole closed September). The logs kept information on more than 376 million HTTP requests, 411 308 of which contained login-password pairs. 99 979 of them were unique. Among the victims - many employees of Apple, Google, IBM, Oracle, Samsung, NASA, Stanford University and many other companies and organizations included in the international association IEEE .



The leak was discovered by a Romanian hacker Radu Dragusin. The total amount of logs was about 100 gigabytes. He analyzed the files and reported the IEEE vulnerability. He did not publish and is not going to publish the received passwords. He published the results of the analysis of the logs on the site ieeelog.com , specially created for this purpose.





')

Source: https://habr.com/ru/post/152353/



All Articles