400,000 Websites Vulnerable Through Exposed .git Directories (scmagazine.com)

Thursday September 06, 2018 @11:30PM (msmash)
from the security-woes dept.

Open .git directories are a bigger cybersecurity problem than many might imagine, at least according to a Czech security researcher who [1]discovered almost 400,000 web pages with an open .git directory possibly exposing a wide variety of data. From a report:

> Vladimir Smitka began his .git directory odyssey in July when he began looking at Czech websites to find how many were improperly configured and allow access to their .git folders within the file versions repository. Open .git directories are a particularly dangerous issue, he said, because they can contain a great deal of sensitive information. "Information about the website's structure, and sometimes you can get very sensitive data such as database passwords, API keys, development IDE settings, and so on. However, this data shouldn't be stored in the repository, but in previous scans of various security issues, I have found many developers that do not follow these best practices," Smitka wrote. Smitka queried 230 million websites to discover the 390,000 allowing access to their .git directories. The vast majority of the websites with open directories had a .com TLD with .net, .de, .org and .uk comprising most of the others.

[1] https://www.scmagazine.com/home/news/400000-websites-vulnerable-through-exposed-git-directories/