config files with vpn pre-shared-key and other credentials in them

Disclosed by phfboi
  • Program: Tesla
  • Disclosed date: about 2 months ago
  • Reward: $10,000
  • Priority: P1 (Bugcrowd's VRT priority rating)
  • Status: Resolved (this vulnerability has been accepted and fixed)
Summary by phfboi

I was able to enumerate a directory with directory indexing enabled running on an nginx server.

This was the location: https://trt.teslamotors.com/uploads/itscripts/pdx01.zip

Within this directory I encountered a zip file containing sensitive information such as:
  • RADIUS passwords
  • Administrator passwords for the network equipment
  • Wi-Fi passwords for Tesla stores
  • IKE pre-shared-key password for Tesla corporate/internal VPN access
  • Tesla real estate financial information
