A large number of account passwords leaked from China's Sinochem Corporation
Launch the first shot to a normal white hat.
The China Sinochem Corporation's email system is exposed to the Internet. It does not limit failed login attempts or require a verification code. As a result, passwords can be cracked and a large number of employee accounts (including those of second-level organizations) can be logged in to successfully, so there is a high risk of user data leakage. I really don't want this to be used by bad guys.
1. Email Address: https://m.sinochem.com/
2. Successful cracking of a large number of weak passwords
A 303 response indicates an account that was logged in to successfully.
3. Finance and manpower
4. Because the system is also built on the Domino framework, its existing permission controls can be used to obtain information about employees of the entire group, for example:
There are too many pages to list. The address of the second-to-last page is:
https://m.sinochem.com/names.nsf/?users?OpenView&Start=202846
This shows that the Sinochem group has a very large number of employees. With so many employee accounts available, a large number of mailbox passwords can be cracked.
5. Some sensitive files
i. Deputy Manager
ii. Family Members
iii. Salary information
iv. Real Estate Information:
I understand the truth that only 50 million yuan can buy a house in Chaoyang district, and I am destined to be a lifetime.
Solution:
1. Change the weak passwords.
2. Restrict the number of failed logon attempts.
3. Add a verification code.
4. Upgrade the Domino framework.
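Remediation steps 2 and 3, sketched as an added example (not code from the original report and not Domino's own lockout mechanism): a sliding-window limiter that counts failed logins per account and per source, because the attack described tries weak passwords across many accounts and a per-account counter alone would not notice it. The class name, thresholds, account names and addresses are assumptions made for illustration.

```python
from collections import deque

ALLOW, CHALLENGE, BLOCK = "allow", "challenge", "block"


class LoginThrottle:
    """Sliding-window limiter for failed logins, per account and per source."""

    def __init__(self, per_account=5, accounts_per_source=10, window=900.0):
        self.per_account = per_account                  # failures before a CAPTCHA
        self.accounts_per_source = accounts_per_source  # distinct accounts per source
        self.window = window                            # seconds a failure is remembered
        self._failures = deque()  # (timestamp, username, source_ip), oldest first

    def _prune(self, now):
        while self._failures and self._failures[0][0] <= now - self.window:
            self._failures.popleft()

    def record_failure(self, username, source_ip, now):
        self._failures.append((now, username.lower(), source_ip))

    def decide(self, username, source_ip, now):
        """Decision for the next attempt, taken before the password is checked."""
        self._prune(now)
        user = username.lower()
        on_account = sum(1 for _, u, _ in self._failures if u == user)
        from_source = {u for _, u, ip in self._failures if ip == source_ip}
        if len(from_source) >= self.accounts_per_source:
            return BLOCK      # one source failing across many accounts
        if on_account >= self.per_account:
            return CHALLENGE  # require a verification code first
        return ALLOW


def simulate_spray(throttle, usernames, source_ip, start=0.0):
    """Constructed traffic: one source, one wrong password tried per account."""
    checked = 0
    for i, user in enumerate(usernames):
        now = start + i
        if throttle.decide(user, source_ip, now) == ALLOW:
            checked += 1  # the password check runs and fails
            throttle.record_failure(user, source_ip, now)
    return checked


if __name__ == "__main__":
    users = [f"user{i:03d}" for i in range(50)]  # constructed account names
    print(simulate_spray(LoginThrottle(), users, "203.0.113.7"))
```

Failures expire only when they age out of the window; a successful login does not clear the counters, so one correct guess does not reset the per-source count.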