BugCrowd Bug Bounty Disclosure: P3 – Exposed Python Script with Hardcoded SFTP Credentials, Internal IPs, and Sensitive Data Access – unknown_soldier

Exposed Python Script with Hardcoded SFTP Credentials, Internal IPs, and Sensitive Data Access

Researcher: unknown_soldier
Engagement: National Aeronautics and Space Administration (NASA) – Vulnerability Disclosure Program
Disclosed at: 2025-05-13T15:04:54Z
Priority: P3
Status: Resolved

Summary

I found a Python script that is publicly available on the internet. The script contains hardcoded login details (username and password), IP addresses of internal devices, and access to sensitive data. This could allow hackers to get unauthorized access to the system, download important data, or interfere with research files.

Activity Feed

Actor | Details | Timestamp (UTC)
Martin | published | 2025-05-13T15:04:54Z
unknown_soldier | requested | 2025-05-08T08:44:40Z
Brandon | sent a message | 2025-05-05T15:56:34Z
unknown_soldier | sent a message | 2025-05-02T02:16:10Z
Glitch_Bugcrowd | changed the state to resolved | 2025-05-01T14:20:43Z
unknown_soldier | sent a message | 2025-04-26T00:29:59Z
Martin | changed the state to unresolved | 2025-04-25T18:16:28Z
viper-bugcrowd | changed the state to triaged | 2025-04-23T07:39:02Z
viper-bugcrowd | changed the severity to | 2025-04-23T07:39:00Z
viper-bugcrowd | sent a message | 2025-04-23T07:38:57Z
unknown_soldier | resolved a blocker for | 2025-04-23T01:02:12Z
unknown_soldier | sent a message | 2025-04-23T01:02:12Z
Mason357_Bugcrowd | created a blocker on | 2025-04-22T17:56:45Z
Mason357_Bugcrowd | sent a message | 2025-04-22T17:56:30Z
unknown_soldier | created the submission | 2025-04-22T14:47:56Z
