SecurityWeek

Data Protection

Hackers Could Have Hijacked Trump Campaign Email Server: Researchers

The official campaign website of U.S. President Donald Trump exposed information that may have allowed hackers to intercept emails and send out emails on behalf of the Trump campaign, according to security experts.

The issue was related to Laravel, a popular open source PHP web application framework. The framework includes a debug mode that allows developers to find errors and misconfigurations on their websites.

This debug mode should only be enabled during development, but many developers have failed to disable it once their website is live. Live websites that have the debug mode enabled can expose various types of backend information, including credentials and secret keys.
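As an added illustration (not code from the article or from Comparitech), the following pre-deployment check reads a Laravel `.env` file and lists the secret-bearing keys that would be at risk if debug mode is on outside development. The sample file, the `SENSITIVE` name fragments and the function names are assumptions constructed for this example.

```python
import re

# Constructed sample .env for a live site; every value is a placeholder.
SAMPLE_ENV = """\
APP_ENV=production
APP_DEBUG=true
APP_KEY=base64:PLACEHOLDER
MAIL_HOST=smtp.example.test
MAIL_USERNAME=mailer
MAIL_PASSWORD="placeholder-not-real"
"""

# Key-name fragments treated as sensitive (assumption made for this example).
SENSITIVE = ("PASSWORD", "SECRET", "KEY", "TOKEN", "USERNAME")
# Values that Laravel's env() helper plus the (bool) cast in config/app.php turn into false.
FALSY = {"", "0", "false", "(false)", "empty", "(empty)", "null", "(null)"}
LINE = re.compile(r"(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, unquoting values."""
    env = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line, comment, or not an assignment
        key, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] in "'\"" and value[-1] == value[0]:
            value = value[1:-1]
        else:
            value = value.split(" #", 1)[0].strip()  # drop trailing comment
        env[key] = value
    return env

def debug_enabled(env):
    """True when APP_DEBUG would evaluate to true; a missing key means off."""
    return env.get("APP_DEBUG", "false").lower() not in FALSY

def exposed_secrets(text, dev_envs=("local", "testing")):
    """Return secret-bearing keys a debug error page could reveal on a live site."""
    env = parse_env(text)
    app_env = env.get("APP_ENV", "production").lower()
    if not debug_enabled(env) or app_env in dev_envs:
        return []
    return sorted(k for k, v in env.items()
                  if v and any(s in k.upper() for s in SENSITIVE))

if __name__ == "__main__":
    for key in exposed_secrets(SAMPLE_ENV):
        print(f"APP_DEBUG is on outside development; exposed: {key}")
```

Run as a deployment gate, a non-empty result should fail the release until `APP_DEBUG` is set to `false`.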

Comparitech researchers Bob Diachenko and Sebastien Kaul have scanned the web for websites that have the Laravel debug mode enabled and found over 760 sites. They estimated that roughly 10-20 percent of those sites exposed sensitive configuration data, including the Trump campaign website hosted at donaldjtrump.com.

According to Comparitech, Trump’s website exposed mail server information in clear text. This information could have been leveraged by malicious actors to intercept outgoing emails or send emails on behalf of the Trump campaign.

It’s unclear how long the debug mode was left enabled on Trump’s website, but it took roughly five days for the U.S. president’s campaign to address the issue after being notified.

“Even 24 hours is dangerous enough. Theoretically, anybody could use these credentials to impersonate the Trump campaign and send emails on behalf of email.donaldtrump.com,” Diachenko explained.

Contacted by SecurityWeek, the Trump campaign said the problem was fixed and claimed that nothing was at risk. The organization blamed it on outdated legacy code.

The fact that websites can expose sensitive information if the Laravel debug mode is left enabled has been known for some time. Last year, Diachenko and Kaul found 566 affected websites using the Shodan and BinaryEdge search engines.

*The article has been updated based on information received from the Trump campaign


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
