Robertson said some of the unprotected systems belonged to AAA and indie game developers, universities, animation studios, interactive media firms, crypto projects, and manufacturers.

The researcher made his findings public on Tuesday, telling SecurityWeek that of the 6,122 public servers initially discovered, 2,826 are still active at their original IP addresses. Of these, 1,525, representing roughly 54%, still allow unauthenticated read-only access to source code via a remote user account. In addition, 501 instances, or 17% of the active servers, still allow completely unauthenticated user enumeration.

Robertson told SecurityWeek that some of the affected servers appear to belong to major organizations, including a regional defense contractor, several medical technology providers, a North American law enforcement software vendor, an international industrial automation firm, a North American commercial EV startup, an Asian retail POS and ERP software vendor, and a banking software maker.

The servers associated with these companies exposed highly sensitive information, including client information, internal projects, personal information, credentials, source code, and product schematics.

The researcher noted that the numbers he shared reflect only publicly exposed infrastructure.

“A significant number of Perforce servers sit strictly on internal networks but are deployed with the exact same insecure defaults,” Robertson explained. “This means any bad actor, insider threat, or red team that gains a foothold on a corporate network likely has a direct path to access critical IP or escalate privileges via these systems.”

Perforce was notified of the findings roughly one year ago and quickly took action, disabling the remote user by default and updating its documentation to enhance security.

“P4 is trusted by some of the world’s most security-conscious teams to manage and safeguard their most valuable IP: source code and binary assets. However, like any advanced system, its effectiveness relies heavily on proper configuration and maintenance,” Perforce said in a May 2025 blog post. It added, “Any server left in a permissive state can create lapses in security hygiene over time, and lead to significant risks. And like any server connected to the internet, you should assume your P4 server will eventually be tested by an attacker.”

In addition to notifying Perforce, Robertson has reached out to more than 60 of the affected organizations to warn them about the exposure.
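As a defender-side check for the permissive default the article describes, the following added example (not code from the article, the researcher, or Perforce) parses a constructed `p4 protect -o` listing and flags any grant of read access or higher to the `remote` account, or to every user, from any host. It assumes the standard five-field protections table layout (mode, user/group, name, host, path) and that the account in question is literally named `remote`, as in Perforce's remote-depot mechanism.

```python
from typing import List, Tuple

# Perforce access levels, weakest to strongest; anything from "read" up exposes file content.
MODES = ["list", "read", "open", "write", "admin", "super"]

# Constructed sample of `p4 protect -o` output (not taken from a real server).
SAMPLE_PROTECT = """\
Protections:
\twrite user * * //...
\tread user remote * //...
\tsuper user perforce * //...
\tlist user remote * -//secret/...
"""

Entry = Tuple[str, str, str, str, str]  # (mode, kind, name, host, path)


def parse_protections(text: str) -> List[Entry]:
    """Collect the indented lines of the Protections: block as five-field tuples."""
    entries: List[Entry] = []
    in_block = False
    for line in text.splitlines():
        if line.startswith("Protections:"):
            in_block = True
            continue
        if in_block and line[:1] in ("\t", " "):
            fields = line.split()
            if len(fields) == 5:
                entries.append(tuple(fields))  # type: ignore[arg-type]
    return entries


def risky_entries(entries: List[Entry], accounts=("remote", "*")) -> List[Tuple[str, str, str]]:
    """Return (mode, user, path) for grants of read-or-higher to the remote-depot
    user or to every user ('*') from any host ('*'). Exclusion lines (path
    starting with '-') narrow access and are therefore not flagged."""
    flagged = []
    for mode, kind, name, host, path in entries:
        if kind != "user" or name not in accounts or host != "*":
            continue
        if path.startswith("-"):
            continue
        # "=read" grants exactly read; "proxy-read" applies only through a proxy.
        base = mode.lstrip("=").replace("proxy-", "")
        if base in MODES and MODES.index(base) >= MODES.index("read"):
            flagged.append((mode, name, path))
    return flagged


if __name__ == "__main__":
    for mode, user, path in risky_entries(parse_protections(SAMPLE_PROTECT)):
        print(f"exposed: {mode} for user {user} on {path}")
```

Run it against the real output of `p4 protect -o` on your own server; any line it reports is a candidate for removal or for narrowing to a specific host and depot path.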

Source: SecurityWeek