Development configuration file https://myetherwallet.com/
State Informative (Closed)
Disclosed publicly 2018-08-08T21:43:16.025Z
Reported To
Weakness none
Bounty


Timeline
submitted a report to MyEtherWallet.
2018-07-26T09:05:58.088Z

Vulnerability description
A configuration file (e.g. Vagrantfile, Gemfile, Rakefile, ...) was found in this directory. This file may expose sensitive information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict access to these types of files on production systems.
This vulnerability affects /package.json.

AFFECTED URL:

POC

https://myetherwallet.com/package.json

These files may disclose sensitive information. This information can be used to launch further attacks.

PATCH

Remove or restrict access to all configuration files accessible from the internet.

Impact

These files may disclose sensitive information. This information can be used to launch further attacks.

Regards,
Frans

  • 0 attachments:
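
The recommendation in the report (remove configuration files from what is served) can be enforced as a pre-deploy check. The following is an added example, not part of the original report or of MyEtherWallet's code: it assumes the site is published from a static build directory, uses the file names the report mentions, and all function names are hypothetical.

```python
import json
import os
import tempfile

# File names taken from the report; extend the set for your own stack.
DEV_CONFIG_NAMES = {"package.json", "Vagrantfile", "Gemfile", "Rakefile"}
# package.json sections that describe the dependency tree and build steps.
REVEALING_KEYS = ("dependencies", "devDependencies", "scripts")


def describe_package_json(path):
    """Summarise which revealing sections a package.json has, without values."""
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return "unreadable or not valid JSON"
    found = [f"{k}:{len(data[k])}" for k in REVEALING_KEYS
             if isinstance(data, dict) and isinstance(data.get(k), dict)]
    return "exposes " + ", ".join(found) if found else "no dependency data"


def audit_webroot(webroot):
    """Return [(url_path, detail)] for development config files under webroot."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            if name not in DEV_CONFIG_NAMES:
                continue
            full = os.path.join(dirpath, name)
            # Path as a client would request it, relative to the web root.
            url_path = "/" + os.path.relpath(full, webroot).replace(os.sep, "/")
            detail = describe_package_json(full) if name == "package.json" else "present"
            findings.append((url_path, detail))
    return findings


def demo():
    """Audit a constructed sample build directory (not real site content)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "js"))
        sample = {"name": "sample-app", "scripts": {"build": "gulp"},
                  "devDependencies": {"gulp": "^3.9.1", "babelify": "^7.3.0"}}
        with open(os.path.join(root, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        for rel in ("index.html", "js/app.js", "js/Gemfile"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        return audit_webroot(root)
```

Failing the deployment when `audit_webroot` returns a non-empty list keeps such files out of the published directory regardless of which web server fronts it.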
lollipup Activities::Comment
2018-07-26T21:15:02.978Z
Hi @mrbean, Thanks for your submission. We are currently reviewing your report and will get back to you once we have additional information to share. Kind regards, @lollipup


chessmast3r Activities::BugInformative
2018-07-27T12:13:15.520Z
Hi @mrbean, We appreciate the information and will consider this in the future, but we are not taking immediate action at this time as a result of this report and not tracking this as a security issue. Therefore, we'll be closing this as Informative. Thanks and we're looking forward to working with you on future reports. Kind regards. @chessmast3r


mrbean Activities::AgreedOnGoingPublic
2018-07-28T11:23:53.631Z


olchik Activities::AgreedOnGoingPublic
2018-08-08T21:43:15.951Z
Hi @mrbean, As you requested, I am disclosing this report to the public.


olchik Activities::ReportBecamePublic
2018-08-08T21:43:16.053Z