Depositphotos / Eaton Z.
The vulnerability concerned access to the Intel business card service website and three other internal resources of the company.
According to Eaton Z., a security researcher, reverse engineering specialist, and software developer, it was relatively easy to download confidential information about 270 thousand Intel employees. The data was accessed by bypassing the login on the Intel India Operations (IIO) website, where employees order their business cards.
“I’m excited to share my latest research project, which I’ve dubbed Intel Outside. Last fall, I discovered multiple critical vulnerabilities in Intel’s network infrastructure that allowed me to extract sensitive information about 270,000 Intel employees and more” — reports Eaton Z. on X.
The experiment is described in great detail on the website EatonWorks. The researcher writes that he decided to test the strength of Intel’s sites because of the history vulnerabilities of the company’s processors.
First, the hacker checked the JavaScript files behind the business card login form. He writes that it is sometimes possible to «trick an application into thinking that a valid user has logged in by replacing the getAllAccounts function so that it returns a non-empty array» This worked, and Eaton bypassed the login screen.
Even at this depth of penetration, the site allowed him to explore the list of employees — not only from India, but from all over the world. An API token available to an anonymous user provided even deeper access to the data. The researcher was confused by the ease of penetration and the amount of information available: «much more than this simple website needs [to work]».
Removing the URL filter from the API under investigation eventually resulted in a JSON file of almost 1 GB. This download contained data about each Intel employee (now there are fewer). The hacker got everyone’s name, position, manager’s name, phone number, and mailing addresses.
As part of the study, the author also tested the security of several other Intel sites and found three more similar cases. As noted by Tom’s Hardware, еhe process resembled picking locks with click tracking.
On the internal site «Product Hierarchy», the research revealed easy-to-decipher coded credentials. Once again, the “reward” was a large list of Intel employee data, as well as the ability to gain administrative access to the system. The internal system «Product Adaptation» Intel was similarly affected. The corporate login to Intel’s SEIMS supplier site was also easy to bypass. It provided a fourth way for the attacker to download the data of every Intel employee.
Eaton contacted Intel and outlined the flaws in the sites. Unfortunately, for some reason, none of the attempts met Intel’s requirements for bug bounties. Worse, the enthusiast received only one automated response from Intel. He writes that all the vulnerabilities were fixed by February 28 this year, so they can be reported now.
Контент сайту призначений для осіб віком від 21 року. Переглядаючи матеріали, ви підтверджуєте свою відповідність віковим обмеженням.
Cуб'єкт у сфері онлайн-медіа; ідентифікатор медіа - R40-06029.