ProtonMail-run website boasting ‘complete guide’ to GDPR left credential-baring .git repo exposed online



An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password.

The vulnerability in question allowed the entire contents of the website’s /.git/ repository to be cloned, as Pen Test Partners explained in a blog post about what it found on advice site
