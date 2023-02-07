CyberNews Briefs

Vulnerability Provided Access to Toyota Supplier Management Network

07 Feb 2023 OODA Analyst

 Car manufacturer Toyota as been alerted to a severe vulnerability in its web portal for the global supplier management network. According to Toyota, security researcher Eaton Zveare detected the vulnerability and was able to exploit it to gain access to sensitive information. The impacted web portal provides Toyota employees and suppliers with information about ongoing projects, surveys, and purchases.

Zveare stated that the vulnerability is an authentication error that allows access to any account using a valid email address. Toyota’s web portal contained a function that allowed users to generate an authentication token based on the email address provided without a password. Corporate Toyota email addresses are easy to guess as they follow the same format. Therefore, Zveare was able to exploit the vulnerability by guessing an email address and using open-source research to identify Toyota employees involved in the supply chain management aspect of the company.

Read More: Vulnerability Provided Access to Toyota Supplier Management Network

Tags:
OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.

You Might Also Like

A Conversation with OODA Network Expert Kristin Del Rosso on Cybersecurity and National Vulnerability Database Research

February 7, 2023

Patch Released for Actively Exploited GoAnywhere MFT Zero-Day

February 7, 2023
OODALoop-subscribe-May-2014-v2