Nokia denies leaking internal credentials in server snafu

[silversurfer]

Finnish phone vendor Nokia denied today a security company's claims that it exposed a treasure trove of internal credentials, encryption and API keys in a server that it accidentally left exposed and easily accessible over the Internet.

The issue at hand is in regards to an etcd server discovered by HackenProof researcher Bob Diachenko.

Diachenko told ZDNet last week that he came across one such etcd server last week, on December 13. He says he discovered the server using the Shodan search engine for internet-connected devices. Diachenko said it was immediately clear that the server belonged to Nokia.

In a blog post today, the researcher finally detailed last week's findings, after Nokia had secured the exposed server earlier this week. According to Diachenko, the server included credentials for applications such as Heketi, Redis, and Weave, but also Kubernetes secret encryption keys, a Gluster user private key, SSH and RSA private keys, cluster keys, AWS S3 secret keys "and a couple of others."

Source: https://www.zdnet.com/article/nokia-deni...ver-snafu/