
P4WNED: How Insecure Defaults in Perforce Expose Source Code Across the Internet
CybersecurityVulnerabilitiesSource Code ExposureInsecure DefaultsPerforceRemote Code ExecutionSecurity Misconfiguration
The post highlights security risks in Perforce, a source control system used in gaming, entertainment, and engineering. A scan of 6,122 public Perforce servers found 72% exposed source code, 21% had passwordless accounts, and 4% included unprotected superusers enabling remote code execution (RCE). The vendor addressed the most critical issue, but many servers remain vulnerable due to insecure default configurations, such as auto-created accounts and a hidden read-only "remote" user. Hardening commands are provided to mitigate these risks.