Hackers Could Have Hijacked Trump Campaign Email Server: Researchers

The official campaign website of U.S. President Donald Trump exposed information that may have allowed hackers to intercept emails and send out emails on behalf of the Trump campaign, according to security experts.

The issue was related to Laravel, a popular open source PHP web application framework. The framework includes a debug mode that allows developers to find errors and misconfigurations on their websites.

This debug mode should only be enabled during development, but many developers have failed to disable it once their website is live. Live websites that have the debug mode enabled can expose various types of backend information, including credentials and secret keys.
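A deploy-time check for this misconfiguration, as an added example that is not code from SecurityWeek, Comparitech or the campaign site: it parses a Laravel-style `.env` file, reports whether `APP_DEBUG` is on, and lists the names (never the values) of secret-like settings a debug error page could reveal. The sample file is constructed, and the "off" value list and the secret-name heuristic are assumptions of this example.

```python
import re

# Constructed sample .env for illustration; every value is made up.
SAMPLE_ENV = """\
APP_ENV=production
APP_DEBUG=true   # left over from development
APP_KEY=base64:constructed-placeholder
MAIL_HOST=smtp.example.test
MAIL_USERNAME=mailer
MAIL_PASSWORD="constructed-placeholder"
DB_PASSWORD=
"""

# Assumption of this example: anything not explicitly "off" counts as enabled.
DEBUG_OFF = {"", "false", "(false)", "0", "null", "(null)", "empty", "(empty)"}
# Heuristic name fragments that usually mark a secret.
SECRET_HINTS = ("PASSWORD", "SECRET", "KEY", "TOKEN")
ASSIGN = re.compile(r"(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def parse_env(text):
    """Parse dotenv-style text into a dict; a later assignment wins."""
    env = {}
    for raw in text.splitlines():
        m = ASSIGN.match(raw.strip())
        if not m:                      # blank line, comment, or junk
            continue
        key, value = m.group(1), m.group(2).strip()
        if value[:1] in ("'", '"'):    # quoted: keep text up to the closing quote
            end = value.find(value[0], 1)
            value = value[1:end] if end != -1 else value[1:]
        else:                          # unquoted: drop a trailing " # comment"
            value = re.split(r"\s+#", value, maxsplit=1)[0]
        env[key] = value
    return env

def audit(text):
    """Return (debug_enabled, secret-like keys an error page could reveal)."""
    env = parse_env(text)
    debug_enabled = env.get("APP_DEBUG", "false").strip().lower() not in DEBUG_OFF
    at_risk = sorted(k for k, v in env.items()
                     if v and any(h in k.upper() for h in SECRET_HINTS))
    return debug_enabled, (at_risk if debug_enabled else [])

if __name__ == "__main__":
    enabled, keys = audit(SAMPLE_ENV)
    print("APP_DEBUG enabled:", enabled)
    print("secret-like keys at risk (names only):", ", ".join(keys) or "none")
```

Run against the production `.env` in a release pipeline, a `True` result is a reason to fail the deploy and rotate every listed credential.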

Comparitech researchers Bob Diachenko and Sebastien Kaul have scanned the web for websites that have the Laravel debug mode enabled and found over 760 sites. They estimated that roughly 10-20 percent of those sites exposed sensitive configuration data, including the Trump campaign website hosted at donaldjtrump.com.

According to Comparitech, Trump’s website exposed mail server information in clear text. This information could have been leveraged by malicious actors to intercept outgoing emails or send emails on behalf of the Trump campaign.

It’s unclear how long the debug mode was left enabled on Trump’s website, but it took roughly five days for the U.S. president’s campaign to address the issue after being notified.

“Even 24 hours is dangerous enough. Theoretically, anybody could use these credentials to impersonate the Trump campaign and send emails on behalf of email.donaldtrump.com,” Diachenko explained.

Contacted by SecurityWeek, the Trump campaign said the problem was fixed and claimed that nothing was at risk. The organization blamed it on outdated legacy code.

The fact that websites can expose sensitive information if the Laravel debug mode is left enabled has been known for some time. Last year, Diachenko and Kaul found 566 affected websites using the Shodan and BinaryEdge search engines.

*The article has been updated based on information received from the Trump campaign.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
