BugCrowd Bug Bounty Disclosure: Auth.Tesla.com Account Takeover of Internal Tesla Accounts – By evanconnelly
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct at the time of posting.
Program: tesla

Details
Tesla has two Identity Providers (IDPs), auth.tesla.com for external users and sso.tesla.com for employees. Tesla Retail Tool (TRT) allows logins from both and was not checking what IDP the user logged in with (auth.tesla.com vs sso.tesla.com). This made for a condition where via Google Dorks, I was able to identify names and extrapolate email addresses of former Tesla staff and then register accounts with the external IDP using the email addresses of former employees whose accounts had been disabled on the internal IDP but who still had privileges defined by their internal Tesla email address within TRT and ultimately log into TRT with the privileges of those users.
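The root cause described above is an authorization table keyed by email address alone, so an identity asserted by the external IdP inherits whatever the same address was granted as an employee. The following is an added example (not code from the disclosure or from Tesla) contrasting that pattern with one that keys privileges on (issuer, subject) and refuses internal roles unless the employee IdP asserted the identity; the claim names, subject values, role names and privilege tables are assumptions constructed for illustration.

```python
# Added example, not from the disclosure. Models the flaw and its fix using
# OpenID-Connect-style claims ("iss", "sub", "email"); values are constructed.

EXTERNAL_IDP = "https://auth.tesla.com"  # customer-facing IdP named in the disclosure
EMPLOYEE_IDP = "https://sso.tesla.com"   # employee IdP named in the disclosure

# Vulnerable pattern: privileges looked up by email only (constructed table).
EMAIL_ROLES = {"former.employee@tesla.com": {"retail_admin"}}


def authorize_vulnerable(claims: dict) -> set:
    """Ignores which IdP asserted the identity; email alone selects the roles."""
    return set(EMAIL_ROLES.get(claims.get("email", ""), set()))


# Hardened pattern: privileges keyed by the (issuer, subject) pair the IdP
# asserts, and internal roles bound to the employee IdP regardless of mapping.
IDENTITY_ROLES = {
    (EMPLOYEE_IDP, "emp-1234"): {"retail_admin"},          # a current employee
    (EXTERNAL_IDP, "ext-9999"): {"retail_admin", "viewer"},  # mis-provisioned entry
}
INTERNAL_ROLES = {"retail_admin"}
ALLOWED_ISSUERS = (EXTERNAL_IDP, EMPLOYEE_IDP)


def authorize_hardened(claims: dict) -> set:
    """Roles come from (iss, sub); the email claim is never an authorization key."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if iss not in ALLOWED_ISSUERS or not sub:
        raise PermissionError("token from unknown issuer or missing subject")
    roles = set(IDENTITY_ROLES.get((iss, sub), set()))
    # Defence in depth: even a mis-provisioned mapping cannot grant internal
    # roles to an identity the employee IdP did not assert.
    if iss != EMPLOYEE_IDP:
        roles -= INTERNAL_ROLES
    return roles


if __name__ == "__main__":
    ext = {"iss": EXTERNAL_IDP, "sub": "ext-0001",
           "email": "former.employee@tesla.com"}
    print("vulnerable:", authorize_vulnerable(ext))  # {'retail_admin'}
    print("hardened:  ", authorize_hardened(ext))    # set()
```

An audit of an existing privilege table for this class of bug is then a one-liner over the same data: any internal role mapped to an identity whose issuer is not the employee IdP is a finding.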
Submitted by: evanconnelly
- Hacker Points: 200
- Hacker Accuracy: 100.0%
- Hacker Rank: 1432nd