config files with vpn pre-shared-key and other credentials in them

Disclosed by
  • Program: Tesla
  • Disclosed: almost 2 years ago
  • Reward: $10,000
  • Priority: P1 (Bugcrowd's VRT priority rating)
  • Status: Resolved (this vulnerability has been accepted and fixed)
Summary by xail

I was able to enumerate a directory with directory indexing enabled running on an nginx server.

This was the location:

Within this directory I encountered a zip file containing sensitive information such as:
  • RADIUS passwords
  • Administrator passwords for the network equipment
  • Wi-Fi passwords for Tesla stores
  • IKE pre-shared-key password for Tesla corporate/internal VPN access
  • Tesla real estate financial information
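The root cause described in this report is an nginx location serving a directory with listings enabled. The configuration below is an added illustration, not Tesla's or the reporter's configuration; the `/files/` path and `/srv/www/files` document root are assumed placeholders. It shows the weak setting next to a hardened form that disables listings and refuses to serve archive files from that location at all.

```nginx
# WEAK: autoindex on exposes every file in the directory, including any
# backup archive someone leaves there (the situation in this report).
location /files/ {
    root /srv/www/files;   # assumed placeholder path
    autoindex on;
}

# HARDENED: no listings, and archives/config dumps are never served.
location /files/ {
    root /srv/www/files;   # assumed placeholder path
    autoindex off;         # nginx default, stated explicitly for clarity

    # Refuse common archive and backup extensions so a stray export
    # cannot be downloaded even when its exact name is guessed.
    location ~* \.(zip|tar|tgz|gz|7z|rar|bak|old|sql|conf|cfg)$ {
        deny all;
    }
}
```

Auditing a running instance for the weak setting is a matter of `nginx -T | grep -n autoindex`, which dumps the fully resolved configuration including every included file.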