
"The analysis revealed that 72% of the servers provided unauthenticated read-only access to source code via a remote user account that had been enabled by default."
"Robertson found that 21% of the instances had at least one account with no password set, enabling direct read-write access."
"4% of servers had an unprotected 'superuser' account, enabling complete system compromise via command injection."
"Of the 2,826 public servers still active, 1,525, or roughly 54%, still allow unauthenticated read-only access to source code."
A researcher analyzed 6,122 internet-facing Perforce P4 servers and found significant misconfigurations. 72% allowed unauthenticated read-only access to source code through a remote user account enabled by default, while 21% had at least one account with no password set, enabling read-write access. Additionally, 4% had an unprotected 'superuser' account, enabling complete system compromise via command injection. The affected servers spanned various industries, including gaming and medical technology. Of the 2,826 servers still active, 54% still permit unauthenticated read-only access, and 17% allow user enumeration, posing serious security threats to major organizations.
Read at SecurityWeek