Thousands of credentials, authentication keys, and configuration files belonging to organizations in sensitive sectors have been sitting in publicly accessible JSON snippets submitted to JSONFormatter and CodeBeautify, online tools that format and prettify code.
Researchers discovered more than 80,000 user pastes totaling over 5GB exposed through a feature called Recent Links, which both services provide and which is freely accessible to anyone.
Some of the companies and organizations with sensitive data leaked this way are in high-risk sectors like government, critical infrastructure, banking, insurance, aerospace, healthcare, education, cybersecurity, and telecommunications.
Saving secrets online
Researchers at external attack surface management company watchTowr examined the JSONFormatter and CodeBeautify online platforms and found that their Recent Links feature exposed JSON snippets that users had saved on the services' servers for temporary sharing.
When a user clicks the 'save' button, the platform generates a unique URL for that snippet and lists it on the Recent Links page, which has no access control, leaving the content readable by anyone.
Because saved snippets follow a structured, predictable URL format, they can be enumerated with a simple crawler.
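Once the snippets have been collected, the security-relevant step is deciding which of them contain credentials. The scanner below is an added example, not watchTowr's tooling or anything from the JSONFormatter or CodeBeautify sites: it walks a paste as JSON (falling back to raw text when the paste is not valid JSON), flags values stored under credential-like key names, matches a few well-known secret formats in values, and redacts every hit so the triage output does not re-expose the secret. The key-name list and value patterns are a practitioner's starting set, not an exhaustive one, and the sample pastes are constructed for the example; the page does not state the Recent Links URL format, so fetching is left out and `scan_paste` takes the paste body as a string.

```python
import json
import re

# Key names that commonly hold credentials (assumption: a starting list, not a complete one).
SENSITIVE_KEY = re.compile(
    r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key|client[_-]?secret",
    re.IGNORECASE,
)

# Value patterns for well-known secret formats (assumption: a starting set).
VALUE_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "url_with_credentials": re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:]+:[^@\s]+@"),
}


def _redact(value: str) -> str:
    """Keep a 4-character prefix so a finding can be triaged without re-exposing the secret."""
    return value[:4] + "..." if len(value) > 4 else "***"


def _walk(node, path: str, findings: list) -> None:
    """Recursively visit a parsed paste, appending (json_path, reason, redacted) tuples."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            # A non-empty string stored under a credential-like key is a finding on its own.
            if isinstance(value, str) and value and SENSITIVE_KEY.search(key):
                findings.append((child, "sensitive key name", _redact(value)))
            _walk(value, child, findings)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _walk(item, f"{path}[{i}]", findings)
    elif isinstance(node, str):
        # Value-shape matches fire regardless of the key they sit under.
        for reason, pattern in VALUE_PATTERNS.items():
            match = pattern.search(node)
            if match:
                findings.append((path, reason, _redact(match.group(0))))


def scan_paste(text: str) -> list:
    """Scan one paste body. Non-JSON pastes are scanned as a single raw string."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        data = text
    findings = []
    _walk(data, "$", findings)
    return findings


# Constructed sample pastes for the example (the AWS values are Amazon's documented
# placeholder keys, and the JWT is a made-up token).
SAMPLE_PASTES = {
    "leaked_config": (
        '{"service": "billing",'
        ' "db": {"host": "db.internal", "user": "app", "password": "Hunter2!"},'
        ' "aws_access_key_id": "AKIAIOSFODNN7EXAMPLE",'
        ' "aws_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",'
        ' "session": {"token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.abc123"}}'
    ),
    "clean_package_json": '{"name": "widget", "version": "1.0.0", "tags": ["blue", "large"]}',
    "dotenv_fragment": "DATABASE_URL=postgres://admin:s3cr3t@db.example.net:5432/prod",
}

if __name__ == "__main__":
    for name, body in SAMPLE_PASTES.items():
        for path, reason, redacted in scan_paste(body):
            print(f"{name}: {path} [{reason}] {redacted}")
```

The walk reports a key-name hit and a value-shape hit separately, so `$.session.token` above appears twice; that is deliberate, since a value that matches a known format is higher confidence than a suggestive key name alone and deserves its own line during triage.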
The Recent Links section on JSON Formatter
Source: watchTowr
Level of exposure