
Nissan NA source code leaked due to default admin:admin credentials



Quote

Nissan NA source code leaked due to default admin:admin credentials

Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected with default access credentials.

The entire collection is around 20 gigabytes large and contains source code for mobile apps and various tools used by Nissan internally for diagnostics, client acquisition, market research, or NissanConnect services.

It is unclear if Nissan learned about the leak by itself or received a tip, but the company took down the insecure server on Tuesday before media outlets started publishing news of the incident.

Complete git repos dump
Swiss developer and reverse engineer Tillie Kottmann, who maintains a repository of leaked source code from various sources and their scouting of misconfigured devops tools, posted a summary of the Nissan leak:

  • Nissan NA Mobile apps
  • Parts of the ASIST Diagnostic System software
  • Dealer Business Systems/Dealer Portal
  • Nissan internal core mobile library
  • Nissan/Infiniti NCAR/ICAR services
  • Client acquisition and retention tools
  • Sale/market research tools and data
  • Various marketing tools
  • Vehicle logistics portal
  • Vehicle connected services/Nissan connect things
  • Various other backends and internal tools

Kottmann told BleepingComputer that someone had informed them of the server and the admin/admin access credentials. Once the word got out, a torrent link for Nissan source code collection started being shared online; so despite Nissan's effort, the data remains in the hands of unauthorized third-parties.

Repository pulled
In a conversation with Kottmann, they said that the company contacted them about hosting the repositories and that they would likely remove them. It happened on Thursday.
 
The developer told us on a different occasion that they comply with takedown requests and are even willing to provide tips for improving the security of a company's infrastructure if asked.

Their public repository on GitLab contains folders with data from big companies like Pepsi, Toyota, SunTech, AMD, Motorola, Mediatek, Sierra Nevada Corporation, or the U.S. Air Force Research Laboratory.

Although not all folders have sensitive data, they may contain information meant to be private or that could lead to protected assets.
 

Source
 

Oh dear, not good Nissan!

'A standard limited edition Yellow 370Z* with a plethora of minor bespoke mods'

*one of 40 don't you know!


 

WARNING - DO NOT TRUST NavTool WITH YOUR MONEY


Tell me about it, they have lost the payment and delivery spec schedule I made for the GTR-50

  • Like 1
  • Haha 1

Nissan 370z "Zoe" Roadster "1 FHL" - Porsche "Maddie" Macan 3.0dS - MIni "Tommy" Coupe JCW "2 FHL"
