What is the issue?
Comparitech along with security researchers Bob Diachenko and Sebastien Kaul have uncovered almost 768 websites that were exposed via Laravel’s debug mode.
What is the root cause?
Laravel is a popular open-source PHP framework that is used to develop web applications.
What is the impact?
Researchers said that this exposure could allow attackers to potentially hack email servers, explore source code structure, find weak points, re-use passwords on other systems, and many more.
Researchers who found the exposed websites have started notifying the website owners about the exposures from October 11, 2019, onwards.
“The debug interface can be accessed from a web browser. It often contains plain-text sensitive details and API credentials like shared secrets, passwords, and database locations—information that hackers can use to steal data or develop further attacks on the system,” researchers said.