Intel data breach: employee data could be accessed via API
Briefly

Vulnerabilities in Intel's internal sites led to unauthorized access to the personal data of around 270,000 employees. Security researcher Eaton Zveare identified easily circumvented logins and hard-coded credentials as critical weaknesses. The exposure lasted over ten months, with multiple internal entry points discovered, including systems for human resources and partnerships. Despite the significance of the findings, Zveare received no reward, as Intel's bug bounty program excludes internal sites. The company has since repaired the vulnerabilities after they were reported through the appropriate channels.
Various vulnerabilities in Intel's internal sites allowed unauthorized users to access the personal data of approximately 270,000 employees, a figure that exceeds Intel's current workforce.
The incident lasted over ten months, from October 14 to August 18, when the findings were publicly detailed, revealing multiple entry points to sensitive data.
Zveare identified vulnerabilities such as easily circumvented logins and hard-coded credentials across four internal sites, including those for human resources and external partners.
The lack of reward for significant discoveries highlights a gap in Intel's bug bounty program, which excludes internal sites despite serious security findings.
Read at Techzine Global