Scanning 2.6 Million Domains for Exposed .Env Files

by sdcat, November 10th, 2022

Too Long; Didn't Read

A software developer scanned 2.6 million domains for exposed .env files. He found 135 database users and passwords, 48 e-mail user accounts with passwords, 11 live credentials for payment providers (like Stripe or PayPal), 98 secret tokens for different APIs and 128 app secrets. The dangerous aspect is that the passwords and secrets are in unencrypted form in the .env file. When the web server is misconfigured and this .env file is delivered by the web server, anyone can query this data.
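A defender-side check for the exposure described above, added here as an example and not code from the article: it walks the web root of your own server for `.env` files and reports which keys hold non-empty secrets, grouped by the categories in the summary, without ever returning the values. The key-name patterns, `SAMPLE_ENV` and all function names are assumptions.

```python
import os, re, tempfile

# Categories follow the article's summary; key-name patterns are assumptions (common conventions).
CATEGORIES = {
    "database": re.compile(r"^(DB|DATABASE|MYSQL|POSTGRES|PG)_.*(USER|PASS|URL)", re.I),
    "mail": re.compile(r"^(MAIL|SMTP|EMAIL)_.*(USER|PASS)", re.I),
    "payment": re.compile(r"^(STRIPE|PAYPAL)_", re.I),
    "api_token": re.compile(r"API_?KEY|TOKEN", re.I),
    "app_secret": re.compile(r"^(APP_KEY|APP_SECRET|SECRET_KEY)$", re.I),
}
# Constructed sample, not real credentials.
SAMPLE_ENV = """APP_KEY=example-app-key
DB_USERNAME=shop
DB_PASSWORD="example-password"
MAIL_PASSWORD=
STRIPE_SECRET=example-stripe-value
export GITHUB_TOKEN=example-token
"""

def parse_dotenv(text):
    """Return {KEY: value} for KEY=value lines; comments and blanks are skipped."""
    pairs = {}
    for line in text.splitlines():
        line = re.sub(r"^export\s+", "", line.strip())
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            pairs[key.strip()] = value.strip().strip("'\"")
    return pairs

def classify(key):
    return next((name for name, rx in CATEGORIES.items() if rx.search(key)), None)

def audit_webroot(webroot):
    """List (file, key, category) for non-empty secrets in .env files under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for fname in (f for f in files if f == ".env" or f.startswith(".env.")):
            path = os.path.join(dirpath, fname)
            with open(path, encoding="utf-8", errors="replace") as fh:
                pairs = parse_dotenv(fh.read())
            rel = os.path.relpath(path, webroot)
            findings += [(rel, k, classify(k)) for k, v in pairs.items() if v and classify(k)]
    return sorted(findings)

def demo():
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, ".env"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_ENV)
        return audit_webroot(root)
```

A finding means the file sits where the web server can deliver it; move it above the document root or deny requests for dotfiles in the server configuration, and rotate any secret that was reachable.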
