Red Hot Cyber


Intel Website Vulnerabilities: 270,000 Employees at Risk

Redazione RHC : 26 August 2025 22:15

An attack on Intel’s internal resources has demonstrated that vulnerabilities can be found not only in processors, but also in company websites. A security researcher discovered four different ways to obtain data on over 270,000 Intel employees: from human resources databases and contact information to supplier and manufacturing process information.

All the identified vulnerabilities have already been fixed, but the very fact that they were discovered demonstrates how fragile the internal infrastructure of even the largest market players can be.

The first issue was found in the service for ordering business cards for Intel India employees. The site was based on Angular and used the Microsoft Authentication Library. The author managed to bypass corporate authorization by modifying the getAllAccounts function, which returned an empty array if no login was present. After the replacement, data was loaded without an account, and API requests did not require real authentication. As a result, a single call could download nearly a gigabyte of JSON files with personal information on employees around the world, from their names and positions to their company phone and email addresses.

The second vulnerability was in the Hierarchical Management portal, used to structure product groups and department heads. The code contained hardcoded credentials protected by basic AES encryption that could easily be bypassed, because the key itself was present on the client side. Additionally, direct Basic Auth logins for administrative services were found. After replacing the isAuthenticated variable and simulating roles in Microsoft Graph responses, the site opened with full administrator rights, allowing users to view service requests and product information, including those not yet publicly available.

The third site, Product Onboarding, related to the process of adding new products to the Intel ARK system, contained even more sensitive details. Its code contained multiple sets of logins and tokens at once, ranging from an API for collaborating with staff to access to GitHub, where internal repositories were stored. Formally, some of the functions were protected by VPN, but by bypassing the login and impersonating the necessary roles, the researcher gained a full set of administrative functionality.

The fourth access point was SEIMS, a portal for exchanging environmental and technical documentation with suppliers. In this case, the vulnerability lay in a basic token verification error. The site accepted the spelling error “Unauthorized” as a valid Bearer token, allowing any employee to be impersonated. By replacing the user ID with an arbitrary one, it was possible to bypass authorization, open product reports and partner contracts, and access confidential material.
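The server-side control missing in the SEIMS case, and in the business card API that answered without real authentication, sketched as an added example that is neither Intel's code nor the researcher's. The HMAC token format, the function names and the demo key are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Assumption: constructed demo key; a real service loads this from a secret store.
const SERVER_KEY = crypto.randomBytes(32);
const b64 = (s) => Buffer.from(s).toString("base64url");
const sign = (payload) => crypto.createHmac("sha256", SERVER_KEY).update(payload).digest();

// Issue "<payload>.<mac>", binding the user ID and expiry to the server key.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const payload = b64(JSON.stringify({ sub: userId, exp: now + ttlSeconds * 1000 }));
  return `${payload}.${sign(payload).toString("base64url")}`;
}

// Return the authenticated user ID, or null. Fails closed on anything malformed.
function authenticate(authorizationHeader, now = Date.now()) {
  const m = /^Bearer ([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)$/.exec(authorizationHeader || "");
  if (!m) return null; // placeholder or error strings such as "Unauthorized" stop here
  const expected = sign(m[1]);
  const given = Buffer.from(m[2], "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(m[1], "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!claims || typeof claims.sub !== "string" || typeof claims.exp !== "number") return null;
  return claims.exp > now ? claims.sub : null;
}

// Hypothetical handler: identity comes from the verified token only. A userId sent
// by the client never selects whose data is returned; a mismatch is refused.
function getReports(req) {
  const user = authenticate(req.headers.authorization);
  if (!user) return { status: 401 };
  if (req.query.userId && req.query.userId !== user) return { status: 403 };
  return { status: 200, owner: user };
}
```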

A report on all discovered vulnerabilities was submitted to Intel in the fall of 2024. The company did not pay a reward for these discoveries, as its web infrastructure had long been considered outside the scope of the bug bounty program. The only response was an automatic notification of receipt of the letters, but the fixes were implemented within 90 days. In August 2025, the specialist published a detailed report, noting that Intel had nevertheless extended its bug bounty policy to include services and websites.

The case is illustrative: hardware vulnerabilities bring fame and hundreds of thousands of dollars, but corporate web portals with direct access to huge amounts of data can be no less valuable to attackers.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
