An environment (.env) file with database credentials was left open by the French high-tech industrial organization Exail.
Database login information was present in the exposed.env file of Exail.
Using the credentials, attackers might have accessed the company's data if the database had been accessible to the general public. It was closed to the public in this instance though.
Denial of service (DoS) attacks against the unprotected web server might also be launched by the attackers using OS-specific flaws, overwhelming it with a barrage of requests and causing it to stop functioning.
TPRM report: https://scoringcyber.rankiteo.com/company/exail
"id": "exa225423923",
"linkid": "exail",
"type": "Breach",
"date": "09/2023",
"severity": "25",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Industrial',
'location': 'France',
'name': 'Exail',
'type': 'High-tech Industrial Organization'}],
'attack_vector': 'Exposed Environment File',
'data_breach': {'file_types_exposed': '.env',
'type_of_data_compromised': 'Database credentials'},
'description': 'An environment (.env) file with database credentials was left '
'open by the French high-tech industrial organization Exail. '
'Database login information was present in the exposed .env '
'file of Exail. Using the credentials, attackers might have '
"accessed the company's data if the database had been "
'accessible to the general public. It was closed to the public '
'in this instance though. Denial of service (DoS) attacks '
'against the unprotected web server might also be launched by '
'the attackers using OS-specific flaws, overwhelming it with a '
'barrage of requests and causing it to stop functioning.',
'impact': {'systems_affected': 'Web server'},
'title': 'Exail Environment File Exposure',
'type': 'Data Exposure, Potential DoS Attack',
'vulnerability_exploited': 'Exposed .env file with database credentials'}