| Details | |
|---|---|
| Alert ID | 40034 |
| Alert Type | Active |
| Status | release |
| Risk | Medium |
| CWE | 215 |
| WASC | 13 |
| Technologies Targeted | All |
| Tags |
OWASP_2017_A06 OWASP_2021_A05 POLICY_QA_FULL WSTG-V42-CONF-05 |
| More Info |
Scan Rule Help |
Summary
One or more .env files seems to have been located on the server. These files often expose infrastructure or administrative account credentials, API or APP keys, or other sensitive configuration information.
Solution
Ensure the .env file is not accessible.Other Info
References
- https://www.google.com/search?q=db_password+filetype%3Aenv
- https://mobile.twitter.com/svblxyz/status/1045013939904532482