Ethical hacker Bobdahacker found numerous security vulnerabilities across multiple McDonald's online portals, reports The Register.
Aside from the lack of server-side checking in the fast food chain's online delivery app, which enabled free food orders, McDonald's Feel-Good Design Hub, which serves as the firm's global marketing and promotional material repository, had a viewable MagicBell API key and authentication secret that could be exploited for further compromise, according to Bobdahacker, who also identified an issue within the site's Algolia search-as-a-service tool. Moreover, OAuth misconfigurations could enable lower-level employees to access McDonald's executive portals, while missing admin authorization in the company's Global Restaurant Standards portal for franchisees could allow anyone to edit the site's content. While almost all of the issues have already been addressed, Bobdahacker noted that reporting the issues has been troublesome due to McDonald's lack of a valid security.txt file. These findings follow the recent discovery of flaws impacting McDonald's artificial intelligence chatbot.




