Navigation
Recherche
|
A Leaky Database of SMS Text Messages Exposed Password Resets and Two-Factor Codes
vendredi 16 novembre 2018, 19:00 , par Slashdot
A database which contained millions of text messages used to authenticate users signing into websites was left exposed to the internet without a password. From the report: The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn't protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages. For Sebastien Kaul, a Berlin-based security researcher, it didn't take long to find. Although Kaul found the exposed server on Shodan, a search engine for publicly available devices and databases, it was also attached to to one of Voxox's own subdomains. Worse, the database -- running on Amazon's Elasticsearch -- was configured with a Kibana front-end, making the data within easily readable, browsable and searchable for names, cell numbers and the contents of the text messages themselves.
Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/kTWdt3FUvcM/a-leaky-database-of-sms-text-messages-exposed-p...
|
56 sources (32 en français)
Date Actuelle
jeu. 21 nov. - 23:03 CET
|