Information leak on Toyota's supplier portal
Toyota's GSPIMS (Global Supplier Preparation Information Management System) is a web-based application used by Toyota employees and its suppliers for coordination and other tasks related to the brand's global supply chain. It was breached by a security researcher named Eaton Zveare, who reported the problem to the company.
The researcher discovered a backdoor in the GSPIMS system that allowed access to an existing user account, as long as the user's email address was known. By exploiting this vulnerability, an attacker could use an administrator account to access sensitive information such as classified documents, project calendars, supplier classifications and data on 14,000 users.
References
- 06/02/2023 eaton-works.com Hacking into Toyota’s global supplier management network
- 07/02/2023 bleepingcomputer.com Researcher breaches Toyota supplier portal with info on 14,000 partners
- 07/02/2023 securityweek.com Vulnerability Provided Access to Toyota Supplier Management Network
- 07/02/2023 portswigger.net Toyota sealed up a backdoor to its global supplier management network
- 07/02/2023 underc0de.org Vulnerando: portal de proveedores de Toyota con información sobre 14,000 socios
- 08/02/2023 ciberseguridadlatam.com Un investigador accede al portal de proveedores de Toyota, con información de 14.000 socios