1 0400,000 Websites Vulnerable Through Exposed .git Directories (scmagazine.com) null/SLASHDOT/0102639752 70
2 i Thursday September 06, 2018 @11:30PM (msmash)
3 i from the security-woes dept.
5 i Open .git directories are a bigger cybersecurity problem than
6 i many might imagine, at least according to a Czech security
7 i researcher who [1]discovered almost 400,000 web pages with an
8 i open .git directory possibly exposing a wide variety of data.
11 i > Vladimir Smitka began his .git directory odyssey in July
12 i when he began looking at Czech websites to find how many were
13 i improperly configured and allow access to their .git folders
14 i within the file versions repository. Open .git directories are
15 i a particularly dangerous issue, he said, because they can
16 i contain a great deal of sensitive information. "Information
17 i about the website's structure, and sometimes you can get very
18 i sensitive data such as database passwords, API keys,
19 i development IDE settings, and so on. However, this data
20 i shouldn't be stored in the repository, but in previous scans
21 i of various security issues, I have found many developers that
22 i do not follow these best practices," Smitka wrote. Smitka
23 i queried 230 million websites to discover the 390,000 allowing
24 i access to their .git directories. The vast majority of the
25 i websites with open directories had a .com TLD with .net, .de,
26 i .org and uk comprising most of the others.
30 i [1] https://www.scmagazine.com/home/news/400000-websites-vulne-
31 i rable-through-exposed-git-directories/
git://git.nikiroo.be / gofetch.git / blob