Source Code Disclosure

Server-side source code was found to be publicly accessible. Reading it makes it easier for an attacker to find other vulnerabilities or to pick up credentials hard-coded in the code.

What can happen?

An attacker can read the source code. This is done either to find other vulnerabilities to exploit further, or to use credentials found in the code to log in to the systems they belong to.

To remediate this, you need to understand how the source code is exposed and take action to stop disclosing it. There is no universal solution, as the fix depends entirely on how the source code was disclosed.

A good practice is to never hard-code credentials into the code. This will not make source code disclosure less likely, but if it does occur, the impact will at least be smaller. Database credentials are a common example of details hard-coded into source.
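The two halves of the advice above, as an added example that is not part of the original page: a hard-coded database credential beside the hardened form that reads it from the environment, and a small check that flags literal secrets assigned in source so they can be removed before the code is ever exposed. The `DB_PASSWORD`, `DB_HOST` and `DB_USER` variable names, the regular expression and the sample source text are all constructed for this illustration.

```python
"""Added example (not the page's own code): keep credentials out of source and
detect ones that slipped in. Variable names, patterns and sample input are
constructed for illustration."""
import os
import re
from typing import Dict, List, Tuple

# Vulnerable pattern: a credential hard-coded in the source file. If this file
# is ever disclosed, the database password is disclosed with it.
DB_CONFIG_HARDCODED = {
    "host": "db.internal.example",
    "user": "app",
    "password": "hunter2",  # constructed sample value
}


def load_db_config_from_env(env=os.environ) -> Dict[str, str]:
    """Hardened form: read the secret from the environment (or a secrets
    manager) so that disclosed source contains nothing usable. Refuses to
    start rather than falling back to a built-in default password."""
    try:
        password = env["DB_PASSWORD"]
    except KeyError:
        raise RuntimeError("DB_PASSWORD is not set; refusing to start with a default")
    return {
        "host": env.get("DB_HOST", "localhost"),
        "user": env.get("DB_USER", "app"),
        "password": password,
    }


# Detection: a suspicious variable name assigned a quoted literal value.
# Assumption: this name list is a starting point, not an exhaustive one.
SECRET_ASSIGNMENT = re.compile(
    r"""(?ix)
    (password|passwd|pwd|secret|api[_-]?key|token)\b   # suspicious name
    \s*[:=]\s*                                         # assignment
    ["']([^"']{4,})["']                                # quoted literal value
    """
)


def find_hardcoded_secrets(source: str) -> List[Tuple[int, str]]:
    """Return (line number, variable name) for each literal secret found.
    Lines that read the value from the environment are the safe pattern
    and are skipped."""
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if "os.environ" in line or "getenv" in line:
            continue
        match = SECRET_ASSIGNMENT.search(line)
        if match:
            hits.append((lineno, match.group(1)))
    return hits


# Constructed sample file to scan; not taken from any real project.
SAMPLE_SOURCE = """# constructed sample settings file
DB_USER = "app"
DB_PASSWORD = "hunter2"
API_KEY = 'abcd1234efgh'
token = os.environ["API_TOKEN"]
"""

if __name__ == "__main__":
    for lineno, name in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: literal value assigned to {name}")
    print(load_db_config_from_env({"DB_PASSWORD": "from-env"})["host"])
```

Running `find_hardcoded_secrets` over a repository before deployment catches the `DB_PASSWORD = "hunter2"` style of assignment; the `load_db_config_from_env` form is what the remaining code should look like, so that a disclosed file reveals structure but no secret.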

Keep in mind that if a source code disclosure containing login credentials is discovered, it is essential to change all potentially leaked passwords. It is far too common to just stop the leak, but you can never know how far the leaked details have already spread.