. home.aspx

NEWS

home.aspx
   


EE Fix Portal Which Was Secured with 'Admin' Password

May 11, 2018 / Dan Raywood

Telco EE has been accused of “exposing over two million lines of private source code to their systems and employee systems,” due to the use of an admin:admin username and password combination. According to security researcher and developer “Six”, there is a Sonarqube portal on an EE subdomain, which EE uses to audit the code and discover vulnerabilities across its website and customer portal. However, it had not changed the default password from “admin”, reported ZDNet. “Access to this allows malicious hackers to analyze source code and identify vulnerabilities within,” Six said. “Actually; there's no need, since you can just view the code and take AWS keys, API keys, and more.” A spokesperson later told ZDNet that the company had changed the password and that the service was pulled offline while the company investigates, and that the portal was a tool used by the company's web development team to quality check its cod...