A 2025 analysis by Australian researcher Morgan Robertson found 6,122 internet-facing Perforce P4 servers, many misconfigured and exposing highly sensitive information. Several active instances still allow unauthenticated read or write access and some expose superuser accounts, putting intellectual property and personal data at risk. #PerforceP4 #MorganRobertson
Keypoints
- Morgan Robertson discovered 6,122 internet-exposed Perforce servers in spring 2025.
- 72% of servers permitted unauthenticated read-only access via a default remote user account.
- 21% of instances had at least one account with no password, enabling unauthenticated read-write access.
- 4% of servers exposed an unprotected superuser account, risking full system compromise through command injection.
- Of 2,826 servers still at their original IPs, 54% allow unauthenticated read-only access and 17% allow unauthenticated user enumeration.
Read More: https://www.securityweek.com/unsecured-perforce-servers-expose-sensitive-data-from-major-orgs/