MyEtherWallet: Development configuration file https://myetherwallet.com/

2018-07-26T09:05:58
ID H1:387061
Type hackerone
Reporter mrbean
Modified 2018-08-08T21:43:16

Description

Vulnerability description: A configuration file (e.g. Vagrantfile, Gemfile, Rakefile, ...) was found in this directory. This file may expose sensitive information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict access to this type of file on production systems. This vulnerability affects /package.json.

AFFECTED URL:

POC

https://myetherwallet.com/package.json

These files may disclose sensitive information. This information can be used to launch further attacks.

PATCH

Remove or restrict access to all configuration files accessible from the internet.

Impact

These files may disclose sensitive information. This information can be used to launch further attacks.
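
One way to enforce the PATCH recommendation before a release is to audit the directory that will be published as the web root. The following is an added example, not part of the original report or of MyEtherWallet's code. It assumes a statically served directory; the function names and the sample tree are constructed for illustration, and the file names are the ones listed in the report.

```python
import os
import sys
import tempfile
from pathlib import Path

# File names named in the report; extend this set per project (assumption).
DEV_CONFIG_NAMES = {"package.json", "Vagrantfile", "Gemfile", "Rakefile"}


def find_exposed_configs(web_root, names=DEV_CONFIG_NAMES):
    """Return the URL paths under which a static server rooted at web_root
    would serve development configuration files."""
    root = Path(web_root)
    # Compare case-insensitively: some servers and filesystems ignore case.
    wanted = {n.lower() for n in names}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            if filename.lower() in wanted:
                rel = Path(dirpath, filename).relative_to(root)
                hits.append("/" + rel.as_posix())
    return sorted(hits)


def demo(names=DEV_CONFIG_NAMES):
    """Run the audit over a constructed sample web root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<html></html>")
        (root / "package.json").write_text('{"name": "constructed-example"}')
        (root / "js").mkdir()
        (root / "js" / "app.js").write_text("// application bundle")
        (root / "vendor").mkdir()
        (root / "vendor" / "Gemfile").write_text("source 'https://rubygems.org'")
        return find_exposed_configs(root, names)


if __name__ == "__main__":
    # With an argument, audit that directory; otherwise audit the sample tree.
    found = find_exposed_configs(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for url_path in found:
        print("would be served:", url_path)
    # A non-zero exit status lets a deploy pipeline stop the release.
    sys.exit(1 if found else 0)
```

Run against the build output directory as a deploy step, a non-empty result means the release would publish one of these files and should be blocked until the file is removed or the server denies access to it.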