“Wiz Research researchers have discovered DEEPSEEK database leakage containing chat history, private keys, Bekenda details and other confidential information. This was reported in the company blog. After a noise around the Chinese startup, Wiz Research experts analyzed its safety for possible vulnerability. Within a few minutes, the analysts found an open CLICKHOUSE database related to Deepeseek. It did not require authentication that gave access to confidential […]”, – WRITE: Businessua.com.ua
Wiz Research researchers have discovered DEEPSEEK database leakage containing chat history, private keys, Bekenda details and other confidential information. This is reported In the company’s blog.
After a noise around the Chinese startup, Wiz Research experts analyzed its safety for possible vulnerability. Within a few minutes, the analysts found an open CLICKHOUSE database related to Deepeseek. It did not require authentication that gave access to confidential information.
The vulnerability made it possible to fully control the database and increase privileges in Deeseek without a protection mechanism.
The gaps in defense were detected by searching and analyzing subdomen. Initially, Wiz Research found about 30 that go online. Most of them were not at high risk. By expanding the search beyond the standard HTTP ports (80/443), two unusual open gateways (8123 and 9000) were identified. They led to an open CLICKHOUSE database.
Clickhouse is a columnar database management system. It was developed by Yandex in 2016 and is now a project with an open source code.
The Wiz Research team reported the Dee Explode Problem, the startup promptly eliminated it.
The gun