How CloudSEK's SVigil WebApp Scanner identified this vulnerability at a major mobile payment services company, allowing for timely remediation to prevent potential intellectual property theft, reputational damage, and competitive risks.
An Indian mobile payment services company
Financial Services
India
Misconfigured .git directory
Exposure of backend source code and sensitive information due to a third-party vendor misconfiguration
CloudSEK SVigil WebApp Scanner identified two assets belonging to a Mobile Payment Services Company with misconfigured .git directories, allowing attackers to extract backend source code and sensitive data by regenerating git objects and directories.
CloudSEK implemented stringent access controls and authentication for sensitive repositories, and conducted a thorough review of the Git configuration to ensure that sensitive information, such as Git PAT tokens, was not exposed. Additionally, employees were trained on secure coding and data handling practices.
A misconfigured .git directory risks source code leakage, IP theft, and reputational damage, undermining customer trust and posing competitive and financial risks to the Mobile Payment Services company.
A security breach at a Mobile Payment Services Company could cause operational disruptions, necessitate costly investigations and security upgrades, impact productivity and financials, and pose challenges in rebuilding trust with customers and partners.
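The Git configuration review described above can be run as a pre-deployment audit of your own web root. The following is an added example, not CloudSEK's tooling or code from the case study; the function names and the sample directory tree are hypothetical, and it assumes the deployed files are on local disk.

```python
import os
import re
import tempfile
from urllib.parse import urlsplit

# Matches "url = ..." and "pushurl = ..." lines in a .git/config file.
URL_LINE = re.compile(r"^\s*(?:push)?url\s*=\s*(\S+)", re.IGNORECASE)

def remote_has_userinfo(url):
    """True if an http(s) remote embeds a username, password or token."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.username or parts.password)

def audit_web_root(web_root):
    """Report every .git directory below web_root and any remote URL in its
    config that carries embedded credentials (for example a PAT)."""
    findings = []
    for dirpath, dirnames, _ in os.walk(web_root):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # no need to walk the object store itself
        git_dir = os.path.join(dirpath, ".git")
        finding = {"path": os.path.relpath(git_dir, web_root),
                   "remotes_with_credentials": []}
        config = os.path.join(git_dir, "config")
        if os.path.isfile(config):
            with open(config, encoding="utf-8", errors="replace") as fh:
                for line in fh:
                    match = URL_LINE.match(line)
                    if match and remote_has_userinfo(match.group(1)):
                        # Record the host only, so the report does not repeat the secret.
                        host = urlsplit(match.group(1)).hostname
                        finding["remotes_with_credentials"].append(host)
        findings.append(finding)
    return findings

if __name__ == "__main__":
    # Constructed sample tree: one deployed site that still contains its .git directory.
    with tempfile.TemporaryDirectory() as root:
        git_dir = os.path.join(root, "site", ".git")
        os.makedirs(git_dir)
        with open(os.path.join(git_dir, "config"), "w", encoding="utf-8") as fh:
            fh.write('[remote "origin"]\n'
                     "\turl = https://deploy:CONSTRUCTED_TOKEN@git.example.com/app.git\n")
        for item in audit_web_root(root):
            print(item)
```

Any finding means the directory should be removed from the deployed tree or blocked at the web server, and any credential found in a remote URL should be rotated.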
Read more: Nissan source code was similarly leaked through a misconfigured Git server.