ac-clermont.fr / Exposure of public .env file

zythop reported 2021-10-09

A publicly accessible .env file has been found, potentially leaking personal information: https://interlocuteur-unique.ac-clermont.fr/.env

IP: 194.254.204.79
Port: 443
Detected protocol: https

# This file is a "template" of which env vars need to be defined for your application
# Copy this file to .env file for development, create environment variables when deploying to production
# https://symfony.com/doc/current/best_practices/configuration.html#infrastructure-related-configuration
VERSION='0.5.1'
###> symfony/framework-bundle ###
APP_ENV=prod
APP_SECRET=<redacted>
#TRUSTED_PROXIES=127.0.0.1,127.0.0.2
#TRUSTED_HOSTS=localhost,example.com
###< symfony/framework-bundle ###

###> symfony/swiftmailer-bundle ###
# For Gmail as a transport, use: "gmail://username:password@localhost"
# For a generic SMTP server, use: "smtp://localhost:25?encryption=&auth_mode="
# Delivery is disabled by default via "null://localhost"
MAILER_URL=null://localhost
###< symfony/swiftmailer-bundle ###
## Recipient email address for the interlocuteur unique (single point of contact)
MAIL_INTERLOCUTEUR_UNIQUE='["<redacted>@ac-clermont.fr"]'
## Recipient email address for the école inclusive (inclusive school).
MAIL_ECOLE_INCLUSIVE='["<redacted>@ac-clermont.fr"]'
## Email addresses for the services
MAIL_IU_PSYEN_03_MAIL='["<redacted>@ac-clermont.fr"]'
MAIL_IU_PSYEN_15_MAIL='["<redacted>@ac-clermont.fr"]'
MAIL_IU_PSYEN_43_MAIL='["<redacted>@ac-clermont.fr"]'
MAIL_IU_PSYEN_63_MAIL='["<redacted>@ac-clermont.fr"]'
MAIL_IU_PSYEN_1D_PU_MAIL='["<redacted>@ac-clermont.fr"]'
MAIL_IU_PSYEN_2D_PU='["<redacted>@ac-clermont.fr"]'
MAIL_IU_PSYEN_2D_PR='["<redacted>@ac-clermont.fr"]'
MAIL_IU_PERSEN_ITRF='["<redacted>@ac-clermont.fr"]'
## Sets the prefix for the subject lines of école inclusive emails
MAIL_PREFIX_ECOLE_INCLUSIVE='[EI]'
## Sets the prefix for the subject lines of interlocuteur unique emails
MAIL_PREFIX_INTERLOCUTEUR_UNIQUE='[IU]'

###> doctrine/doctrine-bundle ###
# Format described at http://docs.doctrine-project.org/projects/doctrine-dbal/en/latest/reference/configuration.html#connecting-using-a-url
# For an SQLite database, use: "sqlite:///%kernel.project_dir%/var/data.db"
# Configure your db driver and server_version in config/packages/doctrine.yaml
DATABASE_URL=mysql://interlo-unique:<redacted>3306/interlocuteur-unique
###< doctrine/doctrine-bundle ###

###> google/recaptcha ###
# To use Google Recaptcha, you must register a site on Recaptcha's admin panel:
# https://www.google.com/recaptcha/admin
GOOGLE_RECAPTCHA_SITE_KEY=
GOOGLE_RECAPTCHA_SECRET=
###< google/recaptcha ###

###> excelwebzone/recaptcha-bundle ###
EWZ_RECAPTCHA_SITE_KEY=
EWZ_RECAPTCHA_SECRET=
###< excelwebzone/recaptcha-bundle ###

### Link to the section on the academic website.
LIEN_RUBRIQUE_ECOLE_INCLUSIVE='http://www.ac-clermont.fr/ecole-inclusive'

### Link to the école inclusive platform.
LIEN_PLATEFORME_ECOLE_INCLUSIVE='https://arena.ac-clermont.fr/ecole-inclusive/'
Found by DotEnvConfigPlugin 2021-08-01
Report created by zythop  2021-10-09
Report approved by BloodyShell  2021-10-09
New PDF report generated by system 2021-10-09
Report dispatched to ...@... by system 2021-10-09
Report edited by BloodyShell  2021-10-13
New PDF report generated by system 2021-10-13
Report dispatched to ...@... by system 2021-10-13
system commented 2021-11-03: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

Report comment 073b50 approved by BloodyShell  2021-11-03
New PDF report generated by system 2021-11-03
Report comment dispatched to zythop by system 2021-11-03
Report comment dispatched to webmestre@ac-clermont.fr by system 2021-11-03
Report comment dispatched to cert-fr.cossi@ssi.gouv.fr by system 2021-11-03
Report marked as fixed by BloodyShell  2021-11-03
Report closed by BloodyShell  2021-11-03
New PDF report generated by system 2021-11-03
Report edited by BloodyShell  2021-11-03
New PDF report generated by system 2021-11-03
Information
Owner ac-clermont.fr
Created 2021-10-09 10:27
Updated 2021-11-03 18:45
Fixed true

Contacts
w...@ac-clermont.fr
c...@ssi.gouv.fr

Status
Status closed
Hosting contacted false
CERT contacted false