Scanning 2.6 Million Domains for Exposed .Env Filesby@sdcat
7,058 reads

Scanning 2.6 Million Domains for Exposed .Env Files

tldt arrow
EN
Read on Terminal Reader🖨️
JS🚫

Too Long; Didn't Read

A software developer scanned 2.6 million domains for exposed.env files. He found 135 database users and passwords, 48 e-mail user accounts with passwords, 11 live credentials for payment providers (like Stripe or Paypal) 98 secret tokens for different APIs and 128 app secrets. The dangerous aspect is that the passwords and secrets are in unencrypted form in the.env file. When the web server is misconfigured and this.env file is delivered by the web. server, anyone can. query this data.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Scanning 2.6 Million Domains for Exposed .Env Files
sdcat HackerNoon profile picture

@sdcat

sdcat

react to story with heart

RELATED STORIES

L O A D I N G
. . . comments & more!
Hackernoon hq - po box 2206, edwards, colorado 81632, usa