It became known that all the contents of the internal Git repository of Nissan North America were in the public domain. The source code of the automaker's applications, diagnostic software and web services was leaked due to the administrator account, which used the default password.
The source says the information was downloaded from a Git server powered by the Bitbucket platform. The fact is that to gain access to this repository, the standard “admin” account with the password “admin” could be used. This was used by the cybercriminals who stole the data and made it publicly available.
According to available data, the source code of mobile applications, diagnostic software, NCAR and ICAR services, an information system for interaction with dealers, a portal for logistics management, server backends, internal information systems, automotive services, several programs were stolen from the Nissan Git repository. for customer service, marketing and sales management.
An analysis of the publicly available data showed that the code of the ASIST diagnostic system uses the outdated RC4 algorithm with a hard-coded “Amalesh” key to encrypt the password. Nissan representatives have so far refrained from commenting on the matter.
0 Comments