Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Public VCS security issues

From: Lorenz Diener <lorenzd () gmail com>
Date: Thu, 27 Mar 2014 03:10:05 +0100
Another thing that commonly makes its way into repositories is private keys:

https://github.com/search?o=desc&q=%22RSA+PRIVATE+KEY---%22&ref=searchresults&s=indexed&type=Code




On Wed, Mar 26, 2014 at 4:18 PM, Patrik asd <patrik.grinsvall () gmail com>wrote:


Probably old but still an issue:
https://github.com/search?q=mysql.binero.se&ref=cmdform&type=Code

The first hit gives you access to phpmyadmin.

There are TONS of credentials pushed to public repositories. This query
gives 57k results:

https://github.com/search?q=define%28%22DB_PASSWORD%22&type=Code&ref=searchresults

It's easy to prevent from a developers perspective, but still - there are
probably hundreds of thousands of database or other credentials pushed to
public repos.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/



_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: