Comment by pm90 12 hours ago

4 replies

The bigger issue that nobody seems to have addressed is how a single developer could have a machine that only he had access to that could run this code with admin privileges over their Active Directory. Eaton should immediately explain what kinds of safeguards it has instituted to prevent this from happening again. If I were the CEO I would be thanking this person for having revealed this kind of access control vulnerability.

eurleif 12 hours ago

Yes, and this is especially concerning because Eaton makes IoT devices. Imagine the damage a disgruntled employee could do by deploying malicious code to devices on millions of consumers' networks. A company of this size, with this large of a blast radius, should be highly diligent about internal threats.

paulddraper 12 hours ago

Why do you think he had admin access to Active Directory?

Regardless, it should be pretty obvious that if an attacker gains RCE, they can do a lot.

  • gpvos 10 hours ago

    He could prevent logins of other people. That means a rather high level of access.

thrown-0825 10 hours ago

you would be amazed how often this happens

i regularly see orgs with orphan machines running that no one understands or wants to touch