CVE-2023-6483: Improper/missing API authentication in ADiTaaS v5.1
The story of CVE-2023-6483, my first CVE and biggest security disclosure yet.
Eaton
Tapping into a telecommunications company’s office cameras
API flaw enabled livestreaming of a telecommunications company’s office cameras.
Eaton
Compromising Honda’s power equipment / marine / lawn & garden dealer eCommerce platform through a vulnerable password reset API
A vulnerable password reset API made it possible to take over any account and gain admin-level access to the platform. In addition, broken/missing access controls made it possible to access all data on the platform.
Eaton
Insecure Toyota CRM exposed Mexican customer information
Breaking into a Toyota CRM and exploiting it to view customer information.
Eaton
Hacking into Toyota’s global supplier management network
Inside an exploit that allowed logging in to Toyota’s GSPIMS application as any user, including system admins.
Eaton