Nike Server Data Exposes Login Credentials

It was recently reported that an 18-year-old researcher had found a vulnerability in Nike’s website that allowed an attacker to read sensitive server data, such as passwords, with just a few lines of code.

The flaw was discovered by Corben Leo last year. He contacted the company via its bug bounty email address, but did not get a reply for months. Leo said that he was able to extract data from the subdomain to an external FTP with Python exploit code.

After Nike finally responded, it downplayed the risks the bug could have posed to its other systems and merely said that the domain was a pilot site hosted on a separate server and had already been taken down.

Source: ZDNet

Disini & Disini Law Office