Tesla is one of several organizations to remedy cross-origin resource sharing (CORS) misconfigurations after security researchers proved they could exfiltrate data from the carmaker’s internal network.
That’s according to Truffle Security, which said its researchers earned a “few thousand dollars” from CORS vulnerabilities submitted through various bug bounty programs.
With the help of an exploitation toolkit custom-built for the project, the flaws validated Truffle Security's initial hypothesis that “large internal corporate networks are exceedingly likely to have impactful CORS misconfigurations”.
In a blog post and accompanying video, Truffle Security has detailed how its team leveraged typosquatting to sidestep constraints routinely imposed by bug bounty programs.
“Usually internal networks are out of scope for bug bounties due to the strict rules against lateral movement and social engineering,” it noted. “We’re aware we’re walking very close to the line, but we don’t believe it’s been crossed.”
CORS is a browser security mechanism that grants controlled access to resources on a different origin. It gives developers a way to relax the same-origin policy (SOP), which otherwise prevents scripts on one origin from reading data from another.
However, overly permissive configurations can leave the door open to cross-domain attacks.
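To make that misconfiguration concrete, here is an added example in Node-style JavaScript (not code from the article or from Truffle Security's toolkit): a handler that reflects any Origin with credentials, beside an allowlisted one, plus the check a defender would run to tell them apart. All origins and function names are constructed for illustration.

```javascript
// Added example (not from the article or Truffle Security's toolkit). Models how a
// server picks its CORS headers, the misconfiguration that lets a foreign origin
// read responses, and an allowlist fix. All names and origins are constructed.

// Weak handler: echoes whatever Origin the browser sent and allows credentials,
// so any page the user visits can read authenticated responses from this host.
function weakCorsHeaders(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened handler: only exact, pre-registered origins are echoed back. Unknown
// origins get no CORS headers, so the browser's same-origin policy blocks the read.
function strictCorsHeaders(requestOrigin, allowedOrigins) {
  if (!requestOrigin || !allowedOrigins.has(requestOrigin)) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // keeps caches from serving one origin's headers to another
  };
}

// Audit check a defender can run against a handler: present an origin that should
// never be trusted and see whether it comes back with credentials allowed.
function reflectsUntrustedOrigin(handler) {
  const probe = "https://untrusted.example"; // constructed, not a real site
  const h = handler(probe);
  return h["Access-Control-Allow-Origin"] === probe &&
         h["Access-Control-Allow-Credentials"] === "true";
}

// Constructed allowlist of the only origins that may make credentialed requests.
const ALLOWED = new Set(["https://app.corp.example", "https://admin.corp.example"]);
const hardened = (origin) => strictCorsHeaders(origin, ALLOWED);

console.log("weak handler reflects untrusted origin:", reflectsUntrustedOrigin(weakCorsHeaders));
console.log("hardened handler reflects untrusted origin:", reflectsUntrustedOrigin(hardened));
```

The same check is what a scanner does at scale across a list of internal hostnames: any host whose reply mirrors the probe origin with credentials enabled is a finding to fix with an exact-match allowlist.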