Vulnerabilities Exposed 2 Million Verizon Customer Contracts

Posted by radikal (Moderator), 10.09.2019, 20:57, post #1

Vulnerabilities discovered by a security researcher in Verizon Wireless systems could have been exploited by hackers to gain access to 2 million customer contracts.

UK-based researcher Daley Bee was analyzing Verizon Wireless systems when he came across a subdomain that appeared to be used by the company’s employees to access internal point-of-sale tools and view customer information. Further analysis led to the discovery of a URL pointing to PDF format contracts for Verizon Wireless customers who used the company’s monthly installment program to pay for their devices.

While authentication was needed to access the files, the expert initially managed to access one contract, linked to a specific phone number and contract number, after brute-forcing the URL’s GET parameters.

The researcher then realized that modifying the value of one of these parameters would display a different contract. This is called an insecure direct object reference (IDOR) vulnerability, and such flaws are typically easy to exploit.

The exposed contracts contained information such as full name, address, phone number, model and serial number of the acquired device, and the customer’s signature.

[Image: Verizon exposed customer contracts]

“As usual, it’s the small & stupid things that are overlooked that lead to the biggest issue,” the researcher said in a blog post.

Daley Bee determined that there were a total of roughly 2 million valid combinations for the parameter affected by the IDOR flaw — between 1310000000 and 1311999999 — and each corresponded to a Verizon Wireless customer contract.

The hacker reported his findings to Verizon in mid-June and a patch was rolled out roughly one month later. The researcher told SecurityWeek that Verizon Wireless services are not covered by a bug bounty program — Verizon provides an email address for responsibly disclosing vulnerabilities but it does not offer rewards.

The researcher claims Verizon has verified his findings and confirmed that the vulnerability exposed 2 million contracts.

SecurityWeek has reached out to Verizon for comment and will update this article if the company responds.

UPDATE. Verizon provided SecurityWeek the following statement:

“We were made aware of this issue in June. When the issue was brought to our attention, our cyber security team worked quickly with our application team to resolve it.

We have no reason to believe that any customer information was accessed by anyone other than the security researcher who reported it.”
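The flaw class described in the article (a login is required, but nothing checks that the requested contract belongs to the caller), shown beside the corrected lookup and a simple enumeration check. This is an added example, not part of the original post and not Verizon's code; the account names, contract IDs, function names and threshold are constructed for illustration, and it assumes each contract belongs to exactly one account taken from the authenticated session.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Contract:
    contract_id: int
    owner_account: str
    pdf_name: str

# Constructed sample store keyed by a sequential ID (not real contract numbers).
CONTRACTS = {
    1000000001: Contract(1000000001, "acct-alice", "alice.pdf"),
    1000000002: Contract(1000000002, "acct-bob", "bob.pdf"),
}

class NotFound(Exception):
    """Same error for missing and foreign objects, so replies do not reveal valid IDs."""

def get_contract_vulnerable(session_account, contract_id):
    # Authentication only: any logged-in caller receives whatever ID was requested.
    if session_account is None:
        raise PermissionError("login required")
    if contract_id not in CONTRACTS:
        raise NotFound(contract_id)
    return CONTRACTS[contract_id]

def get_contract_hardened(session_account, contract_id):
    if session_account is None:
        raise PermissionError("login required")
    contract = CONTRACTS.get(contract_id)
    # Object-level authorization: the record must belong to the caller.
    if contract is None or contract.owner_account != session_account:
        raise NotFound(contract_id)
    return contract

def flag_enumeration(requests, threshold=3):
    """Return accounts that requested more than `threshold` distinct contract IDs.
    `requests` is an iterable of (session_account, contract_id) pairs."""
    seen = {}
    for account, contract_id in requests:
        seen.setdefault(account, set()).add(contract_id)
    return sorted(a for a, ids in seen.items() if len(ids) > threshold)

if __name__ == "__main__":
    log = [("acct-alice", 1000000001)] + [("acct-x", 1000000000 + i) for i in range(10)]
    print(flag_enumeration(log))
```

The hardened lookup fails closed with one error type, so a caller cannot tell a nonexistent ID from one that belongs to someone else.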
