Details
Alert ID 40034
Alert Type Active
Status release
Risk Medium
CWE 215
WASC 13
Technologies Targeted All
Tags OWASP_2017_A06
OWASP_2021_A05
WSTG-V42-CONF-05
More Info Scan Rule Help

Summary

One or more .env files seems to have been located on the server. These files often expose infrastructure or administrative account credentials, API or APP keys, or other sensitive configuration information.

Solution

Ensure the .env file is not accessible.

Other Info

References

Code

org/zaproxy/zap/extension/ascanrules/EnvFileScanRule.java