Information leak on Toyota's supplier portal
Toyota's GSPIMS (Global Supplier Preparation Information Management System), a web-based application used by Toyota employees and its suppliers for coordination and other tasks related to the brand's global supply chain, was breached by a security researcher named Eaton Zveare, who reported the problem to the company.
The researcher discovered a backdoor in the GSPIMS system that allowed access to any existing user account, as long as the user's email address was known. Exploiting this vulnerability made it possible to use an administrator account to access sensitive information such as classified documents, project calendars, supplier classifications and data on 14,000 users.