400,000 Websites Vulnerable Through Exposed .git Directories (scmagazine.com)
Thursday September 06, 2018 @11:30PM (msmash)
from the security-woes dept.

Open .git directories are a bigger cybersecurity problem than
many might imagine, at least according to a Czech security
researcher who [1]discovered almost 400,000 web pages with an
open .git directory possibly exposing a wide variety of data.
From a report:

> Vladimir Smitka began his .git directory odyssey in July
> when he began looking at Czech websites to find how many were
> improperly configured and allow access to their .git folders
> within the file versions repository. Open .git directories are
> a particularly dangerous issue, he said, because they can
> contain a great deal of sensitive information. "Information
> about the website's structure, and sometimes you can get very
> sensitive data such as database passwords, API keys,
> development IDE settings, and so on. However, this data
> shouldn't be stored in the repository, but in previous scans
> of various security issues, I have found many developers that
> do not follow these best practices," Smitka wrote. Smitka
> queried 230 million websites to discover the 390,000 allowing
> access to their .git directories. The vast majority of the
> websites with open directories had a .com TLD with .net, .de,
> .org and .uk comprising most of the others.

[1] https://www.scmagazine.com/home/news/400000-websites-vulnerable-through-exposed-git-directories/