750 plus websites exposed due to Laravel debug mode

750 plus websites exposed due to Laravel debug mode

A debug mode in the Laravel PHP framework exposes nearly 768 websites, this was uncovered by Comparitech and its security researchers.

Laravel, a popular open-source PHP framework for developing web applications. It has a debug mode that allows developers to identify errors and misconfigurations on the sites’ network before websites go live. However, many developers fail to disable the debug mode even after going live, thereby exposing backend website details such as database locations, credentials, secret keys, and other sensitive information.

What is the impact?

Researchers said that this exposure could allow attackers to potentially hack email servers, explore source code structure, find weak points, re-use passwords on other systems, and many more. This human error has exposed over 768 websites, of which, 10 to 20 percent of them contain sensitive configurations. Researchers noted that most of the exposed websites belong to charities and small businesses. This has also impacted several websites that are used for the 2020 US presidential election campaign. Worth noting