Exposed Credentials
File: devspace/.env.devspace
Laravel APP_KEY
APP_KEY=base64:R7ErAo+lGcenuwxia/CG4raozxe7lYviGc7gHizfUHw=
Database Credentials
DB_USERNAME=codeweek
DB_PASSWORD=pass123
DB_DATABASE=codeweek
Impact
The Laravel APP_KEY is used for:
- Encrypting cookies and sessions — exposure allows session hijacking
- Encrypting model attributes — if used, encrypted data can be decrypted
- CSRF token generation — predictable tokens could allow CSRF attacks
- Password reset token signing — forged tokens could reset any user's password
The weak database password (pass123) is easily guessable.
Recommendation
- Regenerate the Laravel APP_KEY immediately (
php artisan key:generate)
- Use a strong database password instead of
pass123
- Move secrets to environment variables managed by the deployment platform
- Add this file to
.gitignore if it contains real credentials
This issue was automatically generated as part of a security audit. For support: buymeacoffee.com/muhamedfazalps
Exposed Credentials
File:
devspace/.env.devspaceLaravel APP_KEY
Database Credentials
Impact
The Laravel
APP_KEYis used for:The weak database password (
pass123) is easily guessable.Recommendation
php artisan key:generate)pass123.gitignoreif it contains real credentialsThis issue was automatically generated as part of a security audit. For support: buymeacoffee.com/muhamedfazalps