Development configuration files

Description

During the scan, Kayran managed to locate configuration files that are, or were, used in development.

These files might disclose sensitive, valuable information. This information can be used to assist attackers in launching targeted attacks.

For example, attackers can find “unreferenced” or forgotten configuration files and use them to obtain important information about the site’s infrastructure, such as the credentials being used.

Recommendation

Remove or deny access to all configuration files that are accessible through the internet.
Make sure only the right people have access to these files.
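
One way to check a deployment directory against both recommendations before it is published, as an added example that is not part of Kayran's scanner or this page's original text. The file-name patterns, directory names and the sample tree are assumptions chosen for illustration; adjust them to your stack.

```python
import fnmatch
import os
import stat
import tempfile

# Assumed patterns for development-time configuration files; extend as needed.
DEV_CONFIG_PATTERNS = [".env", ".env.*", "*.bak", "*.old", "*.swp", "*.tfvars",
                       ".htpasswd", ".npmrc", "docker-compose*.yml"]
# Assumed directories that should never be deployed under a web root.
DEV_DIRS = {".git", ".svn", ".idea", ".vscode"}

def audit_web_root(root):
    """Return sorted (relative_path, reason) findings under a web root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            if d in DEV_DIRS:
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                findings.append((rel, "development directory"))
                dirnames.remove(d)  # flagged as a whole; do not descend
        for name in filenames:
            if not any(fnmatch.fnmatch(name, p) for p in DEV_CONFIG_PATTERNS):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            findings.append((rel, "development config file"))
            # "Only the right people": flag files any local user can read.
            if os.stat(path).st_mode & stat.S_IROTH:
                findings.append((rel, "world-readable"))
    return sorted(findings)

def build_sample_root():
    """Constructed sample tree so the audit runs offline."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, ".git"))
    os.makedirs(os.path.join(root, "app"))
    samples = {"index.html": 0o644, ".env": 0o644,
               "app/config.php.bak": 0o600, ".git/config": 0o644}
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel, reason in audit_web_root(build_sample_root()):
        print(f"{rel}: {reason}")
```

Run it against the build output in CI and fail the deployment when the list is not empty; files that must stay on the server belong outside the document root.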

References

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/04-Review_Old_Backup_and_Unreferenced_Files_for_Sensitive_Information

https://cwe.mitre.org/data/definitions/538.html
