Box Sync for Mac has been updated to address a security issue that exposed sensitive internal information, a researcher reported over the weekend.

Pepijn Bruienne, a Mac development and operation specialist senior at the University of Michigan, analyzed the Mac version of the popular desktop sync application to see if he could control its auto-update feature. While browsing through the application’s files, he discovered some Python files containing sensitive data such as API keys, internal user IDs, passwords, and URLs.

“Since bots exist that scan Github and other public version control services for unintentionally checked in API keys and secrets, Box probably didn’t mean to expose all this information in the Box Sync application,” Bruienne explained in a blog post.

The researcher highlighted that he had not attempted to use any of the information he found to gain access to Box systems.

“There is no way of knowing who else has been aware of the exposed information before me and whether or not it may have been used to access Box customer data. This is especially important in environments that use a managed software update workflow which may be holding back automatic updates until specific action is taken by an admin,” the expert noted.

Representatives of the file sharing and cloud content management services provider have clarified that customer data was never at risk and that there is no evidence to suggest unauthorized use of the exposed credentials.