Commit | Line | Data |
---|---|---|
299a08f3 NR |
1 | 0400,000 Websites Vulnerable Through Exposed .git Directories (scmagazine.com) null/SLASHDOT/0102639752 70 |
2 | i Thursday September 06, 2018 @11:30PM (msmash) |
3 | i from the security-woes dept. |
4 | i |
5 | i Open .git directories are a bigger cybersecurity problem than |
6 | i many might imagine, at least according to a Czech security |
7 | i researcher who discovered almost 400,000 web pages with an |
8 | i open .git directory possibly exposing a wide variety of data. |
9 | i From a report: Vladimir Smitka began his .git directory |
10 | i odyssey in July when he began looking at Czech websites to |
11 | i find how many were improperly configured and allow access to |
12 | i their .git folders within the file versions repository. Open |
13 | i .git directories are a particularly dangerous issue, he said, |
14 | i because they can contain a great deal of sensitive |
15 | i information. "Information about the website's structure, and |
16 | i sometimes you can get very sensitive data such as database |
17 | i passwords, API keys, development IDE settings, and so on. |
18 | i However, this data shouldn't be stored in the repository, but |
19 | i in previous scans of various security issues, I have found |
20 | i many developers that do not follow these best practices," |
21 | i Smitka wrote. Smitka queried 230 million websites to discover |
22 | i the 390,000 allowing access to their .git directories. The |
23 | i vast majority of the websites with open directories had a .com |
24 | i TLD with .net, .de, .org and .uk comprising most of the others. |
25 | i |