
Millions of servers expose Git metadata, thousands leak credentials


As reported by Security Affairs, a recent study by Mysterium VPN found nearly 5 million public web servers worldwide serving Git repository metadata over HTTP. A large share of those servers expose sensitive repository internals, and a smaller but significant portion also leaks deployment credentials.

The study identified approximately 4.96 million IP addresses with a publicly accessible .git directory. More critically, over 250,000 of these exposed directories contained a readable .git/config, a file that frequently carries live deployment credentials, typically as a remote URL with an embedded username and token or password (https://user:token@host/repo.git) or as a stored HTTP authorization header. Once .git/ is reachable, an attacker can usually download the object store and rebuild the source tree and its history, harvest any secrets committed along the way, and use the leaked credentials to push unauthorized code or pivot into the organization's cloud environments. The United States, Germany, and France had the highest number of affected servers.

This widespread exposure points to a gap in deployment practices and server configuration: the repository is checked out directly into the web root and nothing stops the web server from serving .git/ as ordinary files. The fixes are straightforward: deny web access to .git paths at the web server or CDN, deploy build artifacts rather than a Git checkout (or remove the .git directory after deploying), treat any credential found in an exposed .git/config as compromised and rotate it promptly, and verify the fix by requesting /.git/HEAD from the public side.
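The two checks an operator wants here are "is my .git directory actually exposed?" and "did the exposed config contain a credential that now needs rotating?". The following is an added example, not code from the article or from Mysterium VPN: it decides exposure from the body of a GET /.git/HEAD response rather than from the status code alone (catch-all 200 pages would otherwise produce false positives), parses git's INI-style config with a small purpose-built parser, and flags remote URLs with embedded userinfo and http.*.extraheader entries carrying an Authorization header, redacting the secret so the finding can be logged. The HTTP responses, hostnames and config file below are constructed for the demonstration.

```python
"""Added example: detect an exposed .git directory and credential-bearing .git/config.
All sample data (hostnames, tokens, responses) is constructed for this demonstration."""
import re
from urllib.parse import urlsplit, urlunsplit

# A genuine .git/HEAD is a symbolic ref or a bare SHA-1/SHA-256 object id.
HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})$")

# git config: "[section]" or '[section "subsection"]', then indented key = value lines.
SECTION_RE = re.compile(r'^\[([\w.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\]\s*$')
KEY_RE = re.compile(r'^([\w-]+)\s*=\s*(.*?)\s*$')


def head_exposed(status: int, body: str) -> bool:
    """True when a GET /.git/HEAD response looks like a real HEAD file.
    Checking the body avoids counting soft-404 pages that answer 200 to any path."""
    return status == 200 and HEAD_RE.match(body.strip()) is not None


def parse_git_config(text: str) -> dict:
    """Minimal parser for git's config format.
    Returns {"remote.origin": {"url": ...}, "core": {...}, ...}; keys are lower-cased."""
    config, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            name, sub = m.group(1), m.group(2)
            section = name if sub is None else f"{name}.{sub}"
            config.setdefault(section, {})
            continue
        m = KEY_RE.match(line)
        if m and section is not None:
            config[section][m.group(1).lower()] = m.group(2)
    return config


def redact_url(url: str) -> str:
    """Replace userinfo in an http(s) URL with *** so findings can be logged safely.
    URLs without userinfo (including scp-style git@host:path) are returned unchanged."""
    p = urlsplit(url)
    if not p.username and not p.password:
        return url
    host = p.hostname or ""
    if p.port:
        host += f":{p.port}"
    return urlunsplit((p.scheme, f"***@{host}", p.path, p.query, p.fragment))


def find_credentials(config: dict) -> list:
    """Return (config key, redacted value) for every setting that carries a credential:
    remote URLs with embedded userinfo, and http.*.extraheader values that set an
    Authorization header (the form written by CI checkout actions that persist tokens)."""
    findings = []
    for section, keys in config.items():
        for key, value in keys.items():
            if section.startswith("remote.") and key == "url":
                p = urlsplit(value)
                if p.scheme in ("http", "https") and (p.username or p.password):
                    findings.append((f"{section}.{key}", redact_url(value)))
            elif section.startswith("http") and key == "extraheader" \
                    and value.lower().startswith("authorization:"):
                findings.append((f"{section}.{key}", "AUTHORIZATION: <redacted>"))
    return findings


# Constructed sample of a leaked .git/config (hostnames and token are made up).
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tfilemode = true
\tbare = false
[remote "origin"]
\turl = https://deploy:s3cr3t-token@git.example.com/acme/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@backup.example.com:acme/app.git
[http "https://git.example.com/"]
\textraheader = AUTHORIZATION: basic ZGVwbG95OnMzY3IzdC10b2tlbg==
"""

if __name__ == "__main__":
    # Constructed responses standing in for GET /.git/HEAD against two hosts.
    print("exposed:", head_exposed(200, "ref: refs/heads/main\n"))      # real HEAD
    print("exposed:", head_exposed(200, "<html>Page not found</html>"))  # soft 404
    for location, redacted in find_credentials(parse_git_config(SAMPLE_CONFIG)):
        print(f"ROTATE: {location} = {redacted}")
```

Against a live host, feed `head_exposed` the status and body of GET /.git/HEAD; if it returns True, fetch /.git/config and run it through `parse_git_config` and `find_credentials`. Anything the scan reports should be rotated, not merely hidden, because the file may already have been crawled. On nginx the exposure itself is closed with `location ~ /\.git { return 404; }` inside the server block; the better fix remains not shipping the .git directory to the web root at all.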

Source: Security Affairs
