3.6 Roentgen Not great, Not terrible
Obviously this is very sub-optimal. But I guess they are at least being open and transparent in their failure. Many companies wouldn't be.
An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password. The vulnerability in question allowed the entire contents of the website's /.git/ repository to be cloned, as Pen Test Partners explained in a blog post about what it …
Biting the hand that feeds IT © 1998–2020