Tesla tackles CORS misconfigurations that left internal networks vulnerable


Tesla is one of several corporations to fix cross-origin resource sharing (CORS) misconfigurations after security researchers demonstrated that they could steal data from the automaker’s internal network.

That is according to Truffle Security, which said its researchers earned a “few thousand dollars” for CORS vulnerabilities reported through several bug bounty schemes. The findings, made with the aid of an exploitation toolset created specifically for the research, confirmed Truffle Security’s initial theory that “large internal corporate networks are highly likely to have impactful CORS misconfigurations”.
