[Leaked News] Verizon Leaking Credentials

rofl cake

Well-Known Member
May 25, 2015
https://adamcaudill.com/2015/12/25/verizon-hum-leaking-credentials/
Adam Caudill said:
Username, password. Embedded in JavaScript. Seriously.
Adam Caudill said:
I’ve reached out to Verizon via Twitter to ensure that they are aware that this information is being leaked. I attempted to email both [email protected] and [email protected] – neither of which are valid addresses (another surprise from a company that should have a clue).
HTML:
{
  ...
  "verizonApi":{
    "rest":{
      "source_name":"ss",
      "organization":"Tech",
      "region":"US",
      "application_name":"VV",
      "default_timeout":"15000",
      "integration_id":"12345",
      "order_type":"NEW_VV",
      "channel_name":"Online",
      "debug":"1"
    },
    "soap":{
      "username":"vv_aia_integration_user",
      "password":"Weblogic12"
    },
    "calculate_tax":{
      "url":"http:\/\/osb-bss-vv.vtitel.net\/HTIWebGateway\/vv\/rest\/TaxCalculation\/products\/tax\/totalAmount",
      "behavior":"call_api"
    },
    "catalog_sync_promotion_detail":{
      "external_url":"http:\/\/atlspare05xd.hughestelematics.net:8011\/HTIWebGateway\/vv\/rest\/CatalogSync\/catalogSync\/get\/detail\/promotion",
      "timeout":"60000",
      "url":"http:\/\/osb-bss-vv.vtitel.net\/HTIWebGateway\/vv\/rest\/CatalogSync\/catalogSync\/get\/detail\/promotion",
      "behavior":"call_api"
    },
    ...
  }
}
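A pre-deployment check for the kind of leak shown in the quoted snippet, as an added example that is not part of the original post or of Adam Caudill's article: it walks a config object destined for client-side JavaScript and flags password-like keys, account names, plain-HTTP backend URLs and enabled debug flags. The function name `auditClientConfig`, the key patterns and all sample values are assumptions constructed for illustration.

```javascript
// Added example: audit a config object before it is serialized into
// client-side JavaScript. Key patterns below are assumptions, tune per project.
const SECRET_KEY = /passw(or)?d|secret|private[_-]?key/i;
const ACCOUNT_KEY = /^(user(name)?|login)$/i;

function auditClientConfig(node, path = []) {
  const findings = [];
  for (const [key, value] of Object.entries(node)) {
    const here = [...path, key];
    if (value !== null && typeof value === "object") {
      findings.push(...auditClientConfig(value, here)); // recurse into nested sections
      continue;
    }
    const text = String(value);
    if (SECRET_KEY.test(key) && text !== "") {
      findings.push({ path: here.join("."), kind: "secret" });
    } else if (ACCOUNT_KEY.test(key) && text !== "") {
      findings.push({ path: here.join("."), kind: "account" });
    } else if (/^http:\/\//i.test(text)) {
      findings.push({ path: here.join("."), kind: "cleartext-url" });
    } else if (/^debug$/i.test(key) && /^(1|true)$/i.test(text)) {
      findings.push({ path: here.join("."), kind: "debug-enabled" });
    }
  }
  return findings;
}

// Constructed sample shaped like the quoted snippet; every value is a placeholder.
const sampleConfig = {
  exampleApi: {
    rest: { region: "US", default_timeout: "15000", debug: "1" },
    soap: { username: "example_integration_user", password: "EXAMPLE-placeholder" },
    calculate_tax: {
      url: "http://backend.internal.example/rest/tax/totalAmount",
      behavior: "call_api",
    },
  },
};

const findings = auditClientConfig(sampleConfig);
for (const f of findings) console.log(`${f.kind}\t${f.path}`);
// A build step would fail the release when any "secret" finding is present.
const hasSecret = findings.some((f) => f.kind === "secret");
```

Keys named `token` are deliberately not matched, so session tokens intended for the browser do not trip the check; only credentials that belong on the server side do.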
 

RSX

New Member
Dec 18, 2016
Seriously, what's so wrong about embedded authentication tokens in JavaScript? There's absolutely nothing wrong with that and many sites use that method. The ways an attacker would be able to acquire them are the exact same ways they were using before to get them from RESTful auth requests. Do note, I'm not defending the plain text password part, as that's disgraceful, and that's the part you should be getting your pitchforks out at. The emphasis on the JavaScript part is just silly imho.
 