Finding: FIN-738
Vendor: Wiz
Weight: 1 to 5
Confidence: High / Medium / Low / Not Verified
What It Detects
A Wiz-monitored asset that is both internet-facing and holds secrets in plaintext environment variables. Internet exposure supplies the initial access vector; plaintext secrets in the environment turn any foothold into an immediate credential harvest. A vulnerability in the public-facing application that yields code execution or file read (RCE, LFI, or an SSRF that reaches an internal endpoint) exposes production credentials directly: a compromised process can read its own environment (on Linux, for example, via /proc/self/environ) with no further privilege escalation needed.
MITRE ATT&CK Techniques: none recorded for this finding (the field takes a comma-separated list of technique IDs, e.g. T1078, T1190).
Checks (read-only)

Field                        Operator   Value
Connectors                   match      Wiz
Extra Data                   and        [{'key': 'Key', 'value': 'wiz.no_env_var_secret', 'operator': 'match'}, {'key': 'Value', 'value': 0, 'operator': 'match'}]
Public Facing (True/False)   ==         1

All three rows must hold for the finding to fire. The Extra Data row is read as requiring a single entry whose Key is wiz.no_env_var_secret and whose Value is 0, i.e. Wiz's "no environment-variable secret" flag is false and a secret was found; a Value of 0 on some unrelated key must not satisfy the row.
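The following is an added example, not Lucidum or Wiz code, that evaluates the three check rows above (and the "What It Detects" condition they encode) over a constructed asset inventory. The asset record shape is an assumption: a dict with a `connectors` list, an `extra_data` list of `{'Key': ..., 'Value': ...}` entries, and a `public_facing` flag. The `match` semantics (list membership, otherwise equality) and the per-entry conjunction for the Extra Data row are likewise assumptions about how the engine applies the table.

```python
"""Evaluate the FIN-738 check rows over asset records.

Added example (not Lucidum or Wiz code). The asset record layout, the
'match' semantics and the field-name mapping below are assumptions.
"""
from typing import Any

# The three rows of the finding's Checks table, transcribed from the page.
FIN_738_CHECKS = [
    {"field": "Connectors", "operator": "match", "value": "Wiz"},
    {"field": "Extra Data", "operator": "and", "value": [
        {"key": "Key", "value": "wiz.no_env_var_secret", "operator": "match"},
        {"key": "Value", "value": 0, "operator": "match"},
    ]},
    {"field": "Public Facing (True/False)", "operator": "==", "value": 1},
]

# Assumed mapping from table field names to keys in an asset record.
FIELD_KEYS = {
    "Connectors": "connectors",
    "Extra Data": "extra_data",
    "Public Facing (True/False)": "public_facing",
}


def _match(actual: Any, expected: Any) -> bool:
    """Assumed 'match' semantics: membership for lists, equality otherwise."""
    if isinstance(actual, list):
        return expected in actual
    return actual == expected


def _extra_data_and(entries: list, subchecks: list) -> bool:
    """True if one Extra Data entry satisfies every sub-check at once.

    The conjunction is evaluated per entry: a Value of 0 on an unrelated key
    combined with the right Key on another entry must not fire the rule.
    """
    for entry in entries:
        if all(_match(entry.get(sc["key"]), sc["value"]) for sc in subchecks):
            return True
    return False


def check_row(asset: dict, row: dict) -> bool:
    """Evaluate a single Checks-table row against one asset record."""
    actual = asset.get(FIELD_KEYS[row["field"]])
    op = row["operator"]
    if op == "match":
        return _match(actual, row["value"])
    if op == "and":
        return _extra_data_and(actual or [], row["value"])
    if op == "==":
        # True == 1 and False == 0 in Python, so both encodings compare cleanly.
        return actual == row["value"]
    raise ValueError(f"unsupported operator {op!r}")


def evaluate(asset: dict, checks: list = FIN_738_CHECKS) -> bool:
    """All rows must hold: internet-facing AND env-var secret AND seen by Wiz."""
    return all(check_row(asset, row) for row in checks)


def find_findings(assets: list) -> list:
    """Return the names of assets that raise FIN-738."""
    return [a["name"] for a in assets if evaluate(a)]


# Constructed sample inventory (not real data).
SAMPLE_ASSETS = [
    {"name": "web-prod-01", "connectors": ["Wiz", "AWS"], "public_facing": True,
     "extra_data": [{"Key": "wiz.no_env_var_secret", "Value": 0}]},
    # Has the secret but is not exposed: no finding.
    {"name": "api-internal", "connectors": ["Wiz"], "public_facing": False,
     "extra_data": [{"Key": "wiz.no_env_var_secret", "Value": 0}]},
    # Exposed, but Wiz found no env-var secret: no finding.
    {"name": "web-prod-02", "connectors": ["Wiz"], "public_facing": 1,
     "extra_data": [{"Key": "wiz.no_env_var_secret", "Value": 1}]},
    # Not covered by the Wiz connector at all: no finding.
    {"name": "legacy-lb", "connectors": ["Qualys"], "public_facing": True,
     "extra_data": [{"Key": "wiz.no_env_var_secret", "Value": 0}]},
    # A 0 on an unrelated key must not satisfy the Extra Data row.
    {"name": "web-prod-03", "connectors": ["Wiz"], "public_facing": True,
     "extra_data": [{"Key": "wiz.no_env_var_secret", "Value": 1},
                    {"Key": "wiz.something_else", "Value": 0}]},
]

if __name__ == "__main__":
    print(find_findings(SAMPLE_ASSETS))  # ['web-prod-01']
```

Only `web-prod-01` fires: the other four records each fail exactly one row, and the last one shows why the Extra Data sub-checks have to be applied to one entry rather than across the whole list.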
Remediation
Why It Matters