Multiple unsecured entry points allowed researchers to access data belonging to Fermilab, a national particle physics and accelerator lab supported by the Department of Energy. Ars Technica reports: This week, security researchers Robert Willis, John Jackson, and Jackson Henry of the Sakura Samurai ethical hacking group have shared details on how they were able to get their hands on sensitive systems and data hosted at Fermilab. After enumerating and peeking inside the fnal.gov subdomains using commonly available tools like amass, dirsearch, and nmap, the researchers discovered open directories, open ports, and unsecured services that attackers could have used to extract proprietary data. The server exposed configuration data for one of Fermilab’s experiments called “NoVa,” which concerns studying the purpose of neutrinos in the evolution of the cosmos. The researchers discovered that one of the tar.gz archives hosted on the FTP server contained Apache Tomcat server credentials in plaintext. The researchers verified that the credentials were valid at the time of their discovery but ceased experimenting further so as to keep their research efforts ethical.
Likewise, in another set of unrestricted subdomains, the researchers found over 4,500 tickets used for tracking Fermilab’s internal projects. Many of these contained sensitive attachments and private communications. And yet another server ran a web application that listed the full names of users registered under different workgroups, along with their email addresses, user IDs, and other department-specific information. A fourth server identified by the researchers exposed 5,795 documents and 53,685 file entries without requiring any authentication. […] Fermilab was quick to respond to the researchers’ initial report and squashed the bugs swiftly.
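The archive finding above (Tomcat credentials sitting in plaintext inside a tar.gz on an open FTP server) is the kind of exposure a publisher can catch before the file goes public. The following is an added example, not code from the researchers or from Fermilab: a small Python audit that opens every `.tar.gz` under a publish directory and flags Tomcat configuration files that carry a `password="..."` attribute. The file names it looks for (`tomcat-users.xml`, `context.xml`, `server.xml`) and the sample archive it builds are assumptions for illustration; it reports where secrets are and how many, never the values themselves.

```python
import io
import re
import tarfile
from pathlib import Path

# Tomcat configuration files that routinely carry credentials (assumed names for this audit).
TOMCAT_CONF_FILES = ("tomcat-users.xml", "context.xml", "server.xml")
# Any XML attribute named password: <user ... password="..."/> or <Resource ... password="..."/>.
PASSWORD_ATTR = re.compile(r'\bpassword\s*=\s*"([^"]*)"', re.IGNORECASE)


def scan_archive(fileobj):
    """Return [(member_name, count)] for Tomcat config files inside a .tar.gz that
    contain non-empty password attributes. Counts only, so the audit log is not
    itself a second copy of the secrets."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile() or not member.name.endswith(TOMCAT_CONF_FILES):
                continue
            text = tar.extractfile(member).read().decode("utf-8", errors="replace")
            hits = [v for v in PASSWORD_ATTR.findall(text) if v]  # ignore password=""
            if hits:
                findings.append((member.name, len(hits)))
    return findings


def scan_directory(root):
    """Audit every *.tar.gz under root (for example an FTP publish tree) before release."""
    report = {}
    for path in sorted(Path(root).rglob("*.tar.gz")):
        with path.open("rb") as fh:
            hits = scan_archive(fh)
        if hits:
            report[str(path)] = hits
    return report


def build_sample_archive():
    """Constructed sample (not real Fermilab data): a config backup bundled into a tarball."""
    files = {
        "backup/conf/tomcat-users.xml": b'<tomcat-users>\n  <user username="admin" '
                                        b'password="ChangeMe1" roles="manager-gui"/>\n</tomcat-users>\n',
        "backup/conf/context.xml": b'<Context>\n  <Resource name="jdbc/exp" username="app" '
                                   b'password="dbpass" auth="Container"/>\n</Context>\n',
        "backup/README.txt": b"Nothing sensitive in here.\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    buf.seek(0)
    return buf
```

Running `scan_archive(build_sample_archive())` flags both config files and leaves the README alone; a non-empty result from `scan_directory` on the publish tree is the signal to pull the archive before it is served.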
Read more of this story at Slashdot.