Date: Fri, 24 Jul 2020 21:02:27 +0530
From: gugan gugan <gugan1304@gmail.com>
To: bugs@freebsd.org, bhughes@freebsd.org, cy@freebsd.org, doc@freebsd.org
Message-ID: <CAFtAWiwNA%2B28uWsw68Pjm-Wbzev%2B0Ozc6xQ%2BsS41fGmXS01CUA@mail.gmail.com>
While searching on GitHub for "DB_PASSWORD=", I found some juicy information like a username and password of this subdomain ( https://github.com/freebsd/freebsd-ports-kde/blob/543171d969548daae5b6a3659a633fd7987ebc19/www/rt50/Makefile ), the internal IP of the database and its username & password.

In the following link ( https://github.com/freebsd/freebsd-ports-kde/blob/543171d969548daae5b6a3659a633fd7987ebc19/www/rt50/Makefile ) you could find this info:

XML_URL = https://github.com/freebsd/freebsd-ports-kde/blob/543171d969548daae5b6a3659a633fd7987ebc19/www/rt50/Makefile
-----------------------------------------------------------------
DB_DBA_PASSWORD?=
DB_USER?= rt_user
DB_PASSWORD?= rt_pass
DB_HOST?= localhost
DB_DATABASE?= rt5
WEB_USER?= ${WWWOWN}
WEB_GROUP?= ${WWWGRP}
LIBS_GROUP?= wheel
HAS_CONFIGURE= yes
NO_BUILD= yes
-----------------------------------------------------------------

You should change the passwords of the leaked account and remove this info from GitHub.

Impact

Any attacker can log in to this subdomain and do unauthorized actions. If anyone was able to be inside the network, he would connect to the leaked database IP and steal important information.
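An added example, not part of the original message or of FreeBSD's code: a small audit of make-style assignments that flags credential-named variables and records whether each value is empty, a variable reference, or a literal, and whether it was set with `?=` (which assigns only if the variable is not already defined). The name heuristic and the function name audit_makefile are assumptions made for this illustration; the sample input is the excerpt quoted in the message.

```python
import re

# Make assignment: NAME, operator (=, ?=, :=, +=), value. Comments are stripped first.
ASSIGN = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*(\?=|:=|\+=|=)\s*(.*?)\s*$")
# Assumed naming heuristic for variables that hold a secret.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)
# Value that is only a make variable reference, e.g. ${WWWOWN} or $(FOO).
VAR_REF = re.compile(r"^\$[{(][^})]+[})]$")

# Excerpt quoted in the message above.
SAMPLE = """\
DB_DBA_PASSWORD?=
DB_USER?= rt_user
DB_PASSWORD?= rt_pass
DB_HOST?= localhost
DB_DATABASE?= rt5
WEB_USER?= ${WWWOWN}
WEB_GROUP?= ${WWWGRP}
LIBS_GROUP?= wheel
HAS_CONFIGURE= yes
NO_BUILD= yes
"""

def audit_makefile(text):
    """Return one finding per credential-named assignment in a Makefile."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(raw.split("#", 1)[0])
        if not m or not SECRET_NAME.search(m.group(1)):
            continue
        name, op, value = m.groups()
        if not value:
            kind = "empty"          # declared but no value committed
        elif VAR_REF.match(value):
            kind = "reference"      # value comes from another variable
        else:
            kind = "literal"        # a concrete string is committed to the repo
        findings.append({"line": lineno, "name": name, "kind": kind,
                         "value": value, "default_only": op == "?="})
    return findings

if __name__ == "__main__":
    for finding in audit_makefile(SAMPLE):
        print(finding)
```

The default_only flag is a triage signal for the reviewer: it says the committed string is a fallback the builder can override, not whether any deployed system actually uses it.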