:: $10B CVE Scanning market defeated by a keytab in /tmp

In Linux, files are often used to store credentials and security tokens. Because most distributions default to a umask of 022, many files are created world-readable (possibly by accident). Combine the two on a multi-user system and credential leaks are almost guaranteed.

Forget CVE scanning: walk before you run, and scan for sensitive world-readable files.

$ ./worldreadable.py /tmp | grep '\.password'
/tmp/secret/oops.password
/tmp/deleteme/key.password
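
A sketch of what such a scan can look like, as an added example and not the author's worldreadable.py. The suffix list and function names are assumptions, and the scan root itself is assumed to be reachable by other users (as /tmp is).

```python
#!/usr/bin/env python3
"""List regular files under a root that any local user can read."""
import os
import stat
import sys

# Assumed list of credential-like suffixes; extend for your environment.
SENSITIVE_SUFFIXES = (".password", ".keytab", ".pem", ".key")


def _mode(path):
    """Return the lstat mode of path, or 0 if it vanished mid-scan."""
    try:
        return os.lstat(path).st_mode  # lstat: never follow symlinks
    except OSError:
        return 0


def world_readable(root):
    """Yield regular files under root that 'other' can read.

    A file counts only if every directory between root and the file is
    world-searchable (o+x): a 0644 file inside a 0700 directory is not exposed.
    """
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Prune subdirectories that other users cannot traverse.
        dirnames[:] = [d for d in dirnames
                       if _mode(os.path.join(dirpath, d)) & stat.S_IXOTH]
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = _mode(path)
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                yield path


def sensitive(paths, suffixes=SENSITIVE_SUFFIXES):
    """Keep only paths whose name ends with a credential-like suffix."""
    return [p for p in paths if p.endswith(suffixes)]


if __name__ == "__main__":
    for hit in world_readable(sys.argv[1] if len(sys.argv) > 1 else "/tmp"):
        print(hit)
```

Run it as root so the walk can enter every directory; the exposure check uses the mode bits, not the scanner's own access.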