Case Study

CloudSEK SVigil Secured a Mobile Payment Services Firm from a Misconfigured Git Directory Exposing Backend Source Code

How CloudSEK's SVigil WebApp Scanner identified this vulnerability at a major mobile payment services company, allowing for timely remediation to prevent potential intellectual property theft, reputational damage, and competitive risks.

The Customer

An Indian mobile payment services company

Industry

Financial Services

Geography

India

CloudSEK Product

Attack Vector

Misconfigured .git directory

Use Case

Exposure of backend source code and sensitive information due to a third-party vendor misconfiguration

Problem & CloudSEK Solution

CloudSEK SVigil WebApp Scanner identified two assets belonging to a mobile payment services company with misconfigured .git directories, allowing attackers to extract backend source code and sensitive data by regenerating git objects and directories.

Remediation

CloudSEK implemented stringent access controls and authentication for sensitive repositories, and conducted a thorough review of the Git configuration to ensure that sensitive information, such as Git PAT tokens, was not exposed. Additionally, employees were trained on secure coding and data handling practices.
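
A pre-deployment check in the spirit of the configuration review described above, as an added example (not CloudSEK's tooling or the customer's code): it walks a document root on the local disk, lists every `.git` directory that would ship with it, and flags config entries that embed credentials. The host name, account and token in the sample config are constructed placeholders.

```python
import os
import re

SECTION = re.compile(r'^\s*\[\s*([\w.-]+)(?:\s+"(.*)")?\s*\]')
KEYVAL = re.compile(r'^\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$')
USERINFO_URL = re.compile(r'^https?://[^/@\s]+@', re.IGNORECASE)

# Constructed sample config; host and token are placeholders, not real values.
SAMPLE_CONFIG = (
    '[core]\n\tbare = false\n'
    '[remote "origin"]\n'
    '\turl = https://deploy-bot:PLACEHOLDER_TOKEN@git.example.invalid/pay/backend.git\n'
    '\tfetch = +refs/heads/*:refs/remotes/origin/*\n'
    '[remote "mirror"]\n\turl = ssh://git@git.example.invalid/pay/backend.git\n'
)

def credential_findings(config_text):
    """Return (section, key) pairs that carry a credential. Values are never echoed."""
    hits, section = [], ""
    for line in config_text.splitlines():
        header = SECTION.match(line)
        if header:
            name, sub = header.group(1).lower(), header.group(2)
            section = f'{name} "{sub}"' if sub else name
            continue
        kv = KEYVAL.match(line)
        if not kv:
            continue
        key, value = kv.group(1).lower(), kv.group(2)
        # userinfo in an HTTP(S) remote, or a persisted Authorization header
        if key in ("url", "pushurl") and USERINFO_URL.match(value):
            hits.append((section, key))
        elif key == "extraheader" and value.lower().startswith("authorization"):
            hits.append((section, key))
    return hits

def audit_web_root(web_root):
    """Map each .git directory under a document root on disk to its credential findings."""
    report = {}
    for dirpath, dirnames, _ in os.walk(web_root):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # report it, but do not descend into the object store
        git_dir = os.path.join(dirpath, ".git")
        try:
            with open(os.path.join(git_dir, "config"), encoding="utf-8", errors="replace") as fh:
                report[git_dir] = credential_findings(fh.read())
        except OSError:
            report[git_dir] = []  # .git is present but its config is unreadable
    return report

if __name__ == "__main__":
    print(credential_findings(SAMPLE_CONFIG))
```

Any key in the returned report is a `.git` directory that should not be in the published tree at all; a non-empty finding list additionally means the referenced token should be rotated.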

Impact

A misconfigured .git directory risks source code leakage, IP theft, and reputational damage, undermining customer trust and posing competitive and financial risks to the mobile payment services company.

A security breach at a mobile payment services company could cause operational disruptions, necessitate costly investigations and security upgrades, impact productivity and financials, and pose challenges in rebuilding trust with customers and partners.

Read more: Nissan source code was similarly leaked through a misconfigured Git server.