Full Source Code & Config Credentials of a Healthcare Application

Discovery & Impact

Sensitive information vulnerabilities do not always pose a direct threat to an organization's infrastructure, but those that do are handled with special urgency. In this instance, the information disclosure discovered by NetSPI ASM was as bad as they get, exposing the full source code for the application, including configuration credentials and a full database backup containing user data and credentials for users of a healthcare-focused application. In addition to threatening users' privacy by exposing their personal information to unauthorized parties, this information disclosure also could enable an attacker to take full control over the application's infrastructure, potentially leading to further information disclosures, deployment of ransomware, or any number of costly and damaging attacks.

Remediation Outcome

Though the potential impact of this vulnerability was severe, the fix was simple. Working with the customer, offensive security experts provided instructions on how to address the root cause of this vulnerability and to prevent similar vulnerabilities from arising in the future.

1. Upon detecting a potential information disclosure vulnerability, NetSPI ASM alerted our NetSPI Agents.

2. We reviewed the vulnerability details and began the process of manual verification.

3. Manual review of the vulnerable location within the customer's application revealed a large archive file.

4. We downloaded and extracted the archive file to inspect its contents. Upon inspection, we discovered that the archive contained a complete backup of the entire web application, including all user data, hashed user passwords, and source code.

5. Though passwords were not being stored in plaintext, hashed passwords can sometimes be recovered to their plaintext form through the process of password cracking.

6. Using the cracked password and associated username, we were then able to log into the application, demonstrating that the database backup contained valid data.

7. Given the immediate risk posed to the customer's infrastructure, application, and its users' data, security experts elevated the original "Medium" severity information disclosure vulnerability to a "Critical" severity rating and immediately reported the vulnerability to the customer, in line with their vulnerability reporting preferences.