Applause credentials inadvertently exposed | SC Media


Cybernews reports that major software testing firm Applause had its credentials for various platforms exposed for three months due to an unsecured environment configuration file.

Included in the exposed .env file were Applause’s credentials for Marketo, Salesforce, and GoToWebinar systems, which could result in the compromise of sensitive customer information, marketing details, and operational and financial data from its clients, which include Microsoft, Google, Dow Jones, and Starbucks, among others, according to Cybernews researchers. Before securing the file, Applause also inadvertently leaked credentials for the WordPress Rocket plugin, which could be exploited to adversely affect website performance, as well as the location of the WordPress debug log tool for website troubleshooting.

Such a development highlights the security weaknesses presented by .env files. “Multiple mistakes can lead to inadvertent exposures, such as access control misconfigurations, forgetting to update the .gitignore file, lack of IP whitelisting, insufficient use of secure and encrypted storage solutions, and others. It’s necessary to periodically check web server configuration, use online scanning tools, or manually try to access .env file through a web browser,” researchers said.
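The periodic check the researchers recommend can be run against your own deployment tree. The following is an added example, not code from Cybernews or Applause: it flags every `.env*` file that sits under the served directory, is not covered by `.gitignore`, or is world-readable. The function names, the `public` web root, and the simplified `.gitignore` matching (file name or relative path, no negation rules) are assumptions.

```python
import fnmatch, stat, tempfile
from pathlib import Path

def gitignore_patterns(repo):
    """Non-comment patterns from the top-level .gitignore (empty if absent)."""
    gi = Path(repo) / ".gitignore"
    lines = gi.read_text().splitlines() if gi.is_file() else []
    return [l.strip() for l in lines if l.strip() and not l.startswith("#")]

def is_ignored(rel, patterns):
    """Simplified match on file name or relative path; no negation rules."""
    name = Path(rel).name
    return any(fnmatch.fnmatch(name, p.strip("/")) or
               fnmatch.fnmatch(rel, p.lstrip("/")) for p in patterns)

def audit_env_files(repo, web_root):
    """Return sorted (relative path, issues) for every .env* file in repo."""
    repo = Path(repo)
    web = (repo / web_root).resolve()
    patterns = gitignore_patterns(repo)
    findings = []
    for path in repo.rglob(".env*"):
        if not path.is_file():
            continue
        rel = path.relative_to(repo).as_posix()
        issues = []
        if web in path.resolve().parents:       # under the served directory
            issues.append("inside-web-root")
        if not is_ignored(rel, patterns):       # could be committed by mistake
            issues.append("not-in-gitignore")
        if path.stat().st_mode & stat.S_IROTH:  # readable by any local user
            issues.append("world-readable")
        findings.append((rel, issues))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: one .env in the web root, one outside it."""
    root = Path(root)
    (root / ".gitignore").write_text("# secrets\nconfig/.env\n")
    for rel, mode in (("public/.env", 0o644), ("config/.env", 0o600)):
        f = root / rel
        f.parent.mkdir()
        f.write_text("API_KEY=constructed-placeholder\n")
        f.chmod(mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, issues in audit_env_files(tmp, "public"):
            print(rel, issues or "ok")
```

A file with an empty issue list is stored outside the served directory, ignored by Git, and readable only by its owner.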


