Here's The Flaw,Through Which The Impact Team Hacked The Ashley Madison Website

As per security consultant Gabor Szathmari, the Ashley Madison source code Contains "AWS tokens, Database credentials, SSL Certificate private keys and Other API tokens”.Gabor comes up with the above flaw with a quick 10 minutes analysis to the leaked ashley dump.


Gabor Szathmari point out the AWS token as a serious risk as once the the impact team manage to get into the system.It would be easier for them to gain privilege access into system.
AWS TOKEN

Szathmari found database password between  5 and 8 characters long of which many of then have 2 character class as shown in below image:
PASSWORD
Szathmari says,he found  the private keys of SSL certificates, and various application-specific tokens, are also stored in the code.
While the author doesn't make the specific claim that these mistakes lie behind the Ashley Madison hack, it hints at the kind of inattention that opens sites to attack.

Post a Comment

0 Comments