Nissan NA source code leaked due to default admin:admin credentials

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/nissan-na-source-code-leaked-due-to-default-admin-admin-credentials/

Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected with default access credentials.

The entire collection is around 20 gigabytes large and contains source code for mobile apps and various tools used by Nissan internally for diagnostics, client acquisition, market research, or NissanConnect services.

It is unclear if Nissan learned about the leak by itself or received a tip, but the company took down the insecure server on Tuesday before media outlets started publishing news of the incident.

Swiss developer and reverse engineer Tillie Kottmann, who maintains a repository of leaked source code from various sources and their scouting of misconfigured devops tools, posted a summary of the Nissan leak:

• Nissan NA Mobile apps
• Parts of the ASIST Diagnostic System software
• Dealer Business Systems/Dealer Portal
• Nissan internal core mobile library
• Nissan/Infiniti NCAR/ICAR services
• Client acquisition and retention tools
• Sale/market research tools and data
• Various marketing tools
• Vehicle logistics portal
• Vehicle connected services/Nissan connect things
• Various other backends and internal tools

Nissan NA source code leaked due to default admin:admin credentials

Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected with default access credentials.

www.bleepingcomputer.com