22 Dec Security Firm Says Nokia Accidentally Exposed Sensitive Information
Nokia denied this week claims by HackenProof’s Bob Diachenko that the Finnish phone giant had left a trove of sensitive information completely exposed on a server without protection.
Diachenko said that he discovered the exposed Etcd database server last December 13 using the Shodan search engine, and found that it contained credentials for applications such as Heketi, Redis, and Weave, but also Kubernetes secret encryption keys, a Gluster user private key, SSH and RSA private keys, cluster keys, AWS S3 secret keys and more. The server was also running a logging service that was left exposed without authentication.
However, Nokia denied that the server contained any sensitive information and said that it had only been created for testing purposes.