German IT Consultant Fined Thousands for Reporting Security Failing

Published: 23/11/2024   Category: security



The company, Modern Solution, had misconfigured a cloud database, but argues the contractor could only have found the password through insider knowledge.



After discovering and reporting a vulnerability in an e-commerce database that was putting customers and their personal information at risk, a security researcher in Germany was fined €3,000 for doing so.
In 2021, a contractor, known as Hendrik H., said he was troubleshooting software for Modern Solution GmbH when he realized that the password for access to the remote server was stored in plain text in MSConnext.exe. Stored this way, the password would be simple for many to find, and a threat actor could access everything stored on the database server, including customer information.
In response, Modern Solution released a statement saying, "We currently do not know to what extent this data was passed on or further used by the ethical hacker, and whether further access occurred. We are working intensively to investigate the incident."
The statement claimed that a limited amount of data was exposed, though some argue that it was much more than this. Mark Steier, who wrote about the contractor's initial findings for Wortfilter.de, argued that the vulnerability in Modern Solution was much more serious than the company was conveying it to be.
In September 2023, Hendrik H. was charged with unlawful access under Germany's Criminal Code, after Modern Solution filed a complaint alleging that he was a competitor who obtained the password through insider knowledge.
The Jülich District Court initially sided with Hendrik H. in June 2023, on the basis that Modern Solution's software did not have sufficient protection for the database. However, the case was appealed to the Aachen regional court, after which the district court reversed its decision on Jan. 17, leaving Hendrik H. fined and responsible for paying court costs.
Hendrik H. reportedly intends to appeal this decision.
