
Vulnerability on the Ferrari website has compromised user data

By Esme Greene

Jul 25, 2023

Security researchers from Char49 have discovered a dangerous vulnerability in a WordPress plugin on Ferrari’s website. The flaw gave potential attackers a way to gain unauthorized access to users’ sensitive data.

According to a report from Char49, a cybersecurity testing and auditing company, the vulnerability was found in the W3 Total Cache plugin. While examining the domain ‘media.ferrari.com’, the researchers observed that the site was running an outdated version of the plugin.

This version of the plugin contains a vulnerability tracked as CVE-2019-6715, which allows unauthenticated attackers to read the contents of files. The vulnerability specifically exposes the ‘wp-config.php’ file, which stores WordPress database credentials in plain text.

Ferrari’s cybersecurity in question

Ferrari’s cybersecurity practices have come into question as the researchers were able to successfully exploit the vulnerability and gain access to the data on the company’s website. The experts noted that they did not extensively investigate the database, as their actions were part of penetration testing. However, potential attackers could have accessed the database using the same method.

There is no evidence that the vulnerability has been exploited for criminal purposes. The researchers promptly informed the company of their findings, and a week later Ferrari updated the plugin, resolving the issue.

Experts agree that the security measures of a major car manufacturer like Ferrari should be stronger. It is worth noting that Ferrari had recently reported a cyber incident where the company’s systems were infected with ransomware, resulting in the theft of customer data.

The hacker group RansomEXX was responsible for stealing 7GB of customer data from Ferrari in that attack. Previously, the group had targeted other prominent companies, including Hellmann Worldwide and Tyler Technologies. In all these cases, the hackers extorted money by threatening to expose the stolen data.

 