Leaving Authentication Credentials in Public Code
2023-11-16 12:10

Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language.

Nearly 3,000 projects contained at least one unique secret.

Many secrets were leaked more than once, bringing the total number of exposed secrets to almost 57,000.

The credentials exposed provided access to a range of resources, including Microsoft Active Directory servers that provision and manage accounts in enterprise networks, OAuth servers allowing single sign-on, SSH servers, and third-party services for customer communications and cryptocurrencies.

Björn November 16, 2023 7:34 AM. I think there are some errors in the post here.

Grahame Grieve November 16, 2023 7:34 AM. Many of those will be mock credentials for unit tests.


News URL

https://www.schneier.com/blog/archives/2023/11/leaving-authentication-credentials-in-public-code.html