Possible Vulnerability

Question

Possible Vulnerability

HKResearch opened this issue 10 years ago · 1 comments

Hello,

We are conducting research on the unintended exposure of secrets in GitHub repositories. In a recent scan we conducted of GitHub repositories, our tool detected that one of your repositories appears to expose a secret, and we've confirmed this possibility by manual inspection. The details are below:

# Branch: master
## File: teardown-tattler/cms/wp-config.php
## Line: 28


# Branch: master
## File: teardown-tattler/cms/wp-config.php
## Line: 34


# Branch: master
## File: teardown-tattler/cms/wp-config.php
## Line: 31

If this information is indeed intended to be secret, we would recommend that you remove this file from the repository (using .gitignore) and generate new passwords for the vulnerable accounts. We would much appreciate a response, letting us know if we are mistaken in concluding that this is a secret, or if you made changes as a result of this report.

Thank you.

Answer 1 · 2014-07-03T17:47:28.000Z

Remedied.

On Thu, Jul 3, 2014 at 12:42 PM, HKResearch notifications@github.com
wrote:

Hello,

We are conducting research on the unintended exposure of secrets in GitHub
repositories. In a recent scan we conducted of GitHub repositories, our
tool detected that one of your repositories appears to expose a secret, and
we've confirmed this possibility by manual inspection. The details are
below:

Branch: master

File: teardown-tattler/cms/wp-config.php

Line: 28

Branch: master

File: teardown-tattler/cms/wp-config.php

Line: 34

Branch: master

File: teardown-tattler/cms/wp-config.php

Line: 31

If this information is indeed intended to be secret, we would recommend
that you remove this file from the repository (using .gitignore) and
generate new passwords for the vulnerable accounts. We would much
appreciate a response, letting us know if we are mistaken in concluding
that this is a secret, or if you made changes as a result of this report.

Thank you.

—
Reply to this email directly or view it on GitHub
#1.

Briston Davidge
e briston@luminopolis.com
c 816 812 7245
o 888 HEY LUMI

Luminopolis* - Online Solutions for Enlightened Communities.*