Type: Incident
Actors: Unknown
Pub. date: December 30, 2024
Initial access: Software misconfig
Impact: Data exfiltration
Observed techniques: Valid creds abuse; Credential theft
Observed tools: Subfinder; GoBuster
Targeted technologies: Spring Boot Actuator
References:
https://media.ccc.de/v/38c3-wir-wissen-wo-dein-auto-steht-volksdaten-von-volkswagen#l=eng&t=0
https://www.wiz.io/blog/spring-boot-actuator-misconfigurations
Status: Finalized
Last edited: Jan 8, 2025 1:23 PM
Researchers found a data exposure issue within Volkswagen’s environment by leveraging tools such as Subfinder, GoBuster, and Spring. Using these tools, they found a Java Spring application exposing its heap dump file. A heap dump is a snapshot of the objects held in a Java Virtual Machine (JVM) at a point in time; it is normally used for performance diagnostics and introspection, but because it captures whatever the application holds in memory it can inadvertently expose sensitive information.
In this case, the heap dump contained active AWS credentials stored in plain text.
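As an added illustration (not configuration from the affected application or from the page), the Spring Boot `application.yml` settings below show the exposure pattern that makes Actuator's heapdump endpoint reachable over the web, beside a hardened form; the property names are standard Spring Boot Actuator keys, while the port and address values are assumed for the example.

```yaml
# Added illustration: Spring Boot Actuator exposure settings (application.yml).
# Constructed for this note; the affected application's real configuration is not on the page.

# --- Weak: every Actuator endpoint, heapdump included, is served on the app's HTTP port ---
# management:
#   endpoints:
#     web:
#       exposure:
#         include: "*"

# --- Hardened ---
management:
  server:
    port: 8081           # assumed value: serve Actuator on a separate management port
    address: 127.0.0.1   # assumed value: bind that port to loopback so only local monitoring reaches it
  endpoints:
    web:
      exposure:
        include: "health,info"              # allow-list only what monitoring actually needs
        exclude: "heapdump,env,threaddump"  # exclude wins over include, so widening include later stays safe
  endpoint:
    heapdump:
      enabled: false     # disable the endpoint outright; no dump is ever served
```

Restricting the endpoint does not remove secrets from process memory; pair it with short-lived, role-scoped cloud credentials so that any dump that does leak has limited value.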