A vulnerability in the Tesla Retail Tool (TRT) application allowed a researcher to take over the accounts of former employees.
TRT was created to store a variety of enterprise data, including financial information, information on Tesla locations, contact details, building plans, network circuit details, and information on local, ISP, and utility account logins.
TRT was designed to support both employee and vendor logins. According to security researcher Evan Connelly, the application accepts both internal and external account logins and authenticates users with a JSON Web Token (JWT) that specifies an email address cleared for manually defined user accounts.