back to article ProtonMail-run website boasting 'complete guide' to GDPR left credential-baring .git repo exposed online

An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password. The vulnerability in question allowed the entire contents of the website's /.git/ repository to be cloned, as Pen Test Partners explained in a blog post about what it …

  1. Anonymous Coward
    Anonymous Coward

    3.6 Roentgen Not great, Not terrible

    Obviously this is very sub-optimal. But I guess they are at least being open and transparent in their failure. Many companies wouldn't be.

  2. FlamingDeath
    Thumb Up

    I'm feeling forgiving

    We all make mistakes :D

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020