Auth.Tesla.com Account Takeover of Internal Tesla Accounts - CrowdStream

Summary by evanconnelly

Tesla has two Identity Providers (IDPs), auth.tesla.com for external users and sso.telsa.com for employees. Tesla Retail Tool (TRT) allows logins from both and was not checking what IDP the user logged-in with (auth.tesla.com vs sso.tesla.com). This made for a condition where via Google Dorks, I was able to identify names and extrapolate email addresses of former Tesla staff and then register accounts with the external IDP using the email addresses of former employees whose accounts had been disabled on the internal IDP but who still had privileges defined by their internal Tesla email address within TRT and ultimately log into TRT with the privileges of those users.

Activity

Nick Customer published the disclosure report
2 years ago(04 Apr 2023 18:34:42 UTC)
evanconnelly updated the disclosure summary
2 years ago(04 Apr 2023 18:33:07 UTC)
evanconnelly requested disclosure
2 years ago(04 Apr 2023 18:30:20 UTC)
evanconnelly sent a message
2 years ago(04 Apr 2023 17:03:40 UTC)
Nick Customer sent a message
2 years ago(03 Apr 2023 22:44:33 UTC)
evanconnelly sent a message
2 years ago(03 Apr 2023 22:17:46 UTC)
AK Customer sent a message
2 years ago(29 Nov 2022 17:34:28 UTC)
AK Customer rewarded evanconnelly
2 years ago(29 Nov 2022 17:33:10 UTC)
AK Customer changed the state to Resolved
2 years ago(29 Nov 2022 17:33:04 UTC)
AK Customer rewarded evanconnelly 40 points
2 years ago(29 Nov 2022 17:33:03 UTC)
Nick Customer changed the severity to P1
2 years ago(28 Nov 2022 18:34:41 UTC)
Nick Customer changed the severity to P2
2 years ago(28 Nov 2022 18:34:38 UTC)
AK Customer sent a message
2 years ago(21 Nov 2022 18:49:41 UTC)
evanconnelly sent a message
2 years ago(21 Nov 2022 17:21:57 UTC)Edited 2 years ago
AK Customer sent a message
2 years ago(20 Nov 2022 15:16:24 UTC)
AK Customer changed the state to Triaged
2 years ago(20 Nov 2022 15:05:35 UTC)
evanconnelly created the submission
2 years ago(19 Nov 2022 15:40:59 UTC)