Home > Cloud Computing > Cloud Security

A vulnerability in youxin can cause Intranet roaming (involving a large amount of internal Sensitive Information)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

A vulnerability in youxin can cause Intranet roaming (involving a large amount of internal Sensitive Information)

It only proves that the vulnerability exists.
Are you still recruiting security personnel?

There are many problems. There are no restrictions on the mailbox system, and the number can be scanned and cracked; there are no restrictions on multiple backend, And the mailbox and other background uniform authentication, so you can roam multiple systems. The email contains multiple system passwords, such as the VPN password and IDC office network structure, which leads to intranet roaming.


I. weak passwords in multiple mailboxes. For details, refer to the list.

Https://mail.youxinpai.com

User name/Password
 

Mask Region 
  
   *****uxin.**********hu/ux**********ing/a**********2/ux**********hi/ux**********uxin.**********ng/ux**********ei/ux**********bc.1**********uxin**********g/ux**********/uxi**********ng/ux**********/uxin**********n/uxi**********g/uxi**********/uxin**********a/uxi**********/uxi**********2/ab**********n/ux**********uxin**********uxin**********/uxin**********n/ux**********/uxi**********ng/uxi**********3/uxi**********n/ux**********/uxi**********g/ux**********1/ux**********ng/uxi**********n/uxi**********/uxin**********an/ux**********ue/ux**********ng/uxi**********g/ux**********in/ux**********/uxin**********n/uxi**********hu/u*****



In fact, there are more weak passwords. Please check them yourself.


2. the OA system may disclose the organizational structure and contact information of all employees.
 


 



Iii. Major business backend (because it is the same password as the email, even cracking is saved)
 


 


 



4. A large amount of sensitive information (for areas without human bypass, ask wooyun Jun to help with human bypass)
 


 


 


 


5. VPN (Unified VPN password and mailbox .......)
 


 


 

 



6. I always thought this guy was an O & M engineer and was engaged in security for half a day...
 


Solution:

You are so awesome in security, I believe he can solve it.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More