A misconfiguration exists that exposes files that may contain sensitive credentials on affected servers. This occurs when the server does not have proper access controls and allows indexing and direct reference to files that are supposed to be private.
Exploitation
Stages
- An attacker sends a GET request to a server attempting to disclose a .env file.
- The server responds with a 200 and the information in the .env file.
Prerequisites
A .env file must be present in the web directories. The directory must not have a silencer php/html index file or proper .htaccess file.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with the new signatures for this exploit when detected via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.
Recommendations for Mitigation
The following steps are recommended for mitigation:
- Use the .htaccess file in the web root to disable indexing by adding the following:
Options -indexes - Use the .htaccess file to deny access to any file matching .env with the following:
<FilesMatch “^\.env”>
Order allow,deny
Deny from all
</FilesMatch> - Include an index.html file that is empty.
- Include an index.php file to silence, such as the following:
<?php //silence is golden
Comments
0 comments
Please sign in to leave a comment.